Tomcat : for external communication from nsx manager nodes
mpc luster: for external communcation from nsx manager to nsx manager cluster.
local manager : for nsx federation account
by default these there certificate are valid till 825days .
1. Login to NSX Manager
2. Go to System -> certificate

3. Once you verify the Certificate validation for Mpcluster , tomcat and localManager . then proceed for the replacement of the certs , Here i am trying to replace the Certificate for localManager which is going to expire Aug 15 2025 .

4. Generate the CSR Using the existing information and Click Generate

5. Now click on the CSR which you have generated in step 4 , in my case its for localManager.
6. Select LocalManager -> Action-> Self sign certificate for CSR - >
keep 825 days default value and click Save


7. once the certificate is created , if we go into the Certificate tab , we will see two certs for localManager. one with old version and one with new one which we created.

8. Download postman for publishing the certificate .
9. open postman -> create new request
10. Keep params default
11. Authorization : ender admin and password

12. Headers : enter value as application\json

13. Under Body select radio button on raw and JSON
{ "cert_id": "certificate 6df5417c-a6f5-43bf-82d4-c9cd0131cc77",
"service_type": "LOCAL_MANAGER" }

how to find Certificate Id : Login to the NSX-> Certificate -> Newly Created Certificate expand it u will see the ID as show below.

16. Click on Send , this will pass the certificate to nsx manager .
टिप्पणियां