top of page
  • viquarmca

How to Replace NSXT Manager Self Sign Certificate For LocalManager , MP-Cluster And Tomcat


Tomcat : for external communication from nsx manager nodes

mpc luster: for external communcation from nsx manager to nsx manager cluster.

local manager : for nsx federation account


by default these there certificate are valid till 825days .


1. Login to NSX Manager

2. Go to System -> certificate


3. Once you verify the Certificate validation for Mpcluster , tomcat and localManager . then proceed for the replacement of the certs , Here i am trying to replace the Certificate for localManager which is going to expire Aug 15 2025 .


4. Generate the CSR Using the existing information and Click Generate


5. Now click on the CSR which you have generated in step 4 , in my case its for localManager.


6. Select LocalManager -> Action-> Self sign certificate for CSR - >


keep 825 days default value and click Save




7. once the certificate is created , if we go into the Certificate tab , we will see two certs for localManager. one with old version and one with new one which we created.


8. Download postman for publishing the certificate .

9. open postman -> create new request

10. Keep params default

11. Authorization : ender admin and password



12. Headers : enter value as application\json


13. Under Body select radio button on raw and JSON


{ "cert_id": "certificate 6df5417c-a6f5-43bf-82d4-c9cd0131cc77",

"service_type": "LOCAL_MANAGER" }


how to find Certificate Id : Login to the NSX-> Certificate -> Newly Created Certificate expand it u will see the ID as show below.


16. Click on Send , this will pass the certificate to nsx manager .


318 views0 comments

Comments


bottom of page