Generate Manually Key Pairs and Certificate Singing Requests for NSX in Region A

If you plan to generate manually a CA-signed certificate for NSX, generate a Certificate Signing Request (CSR) and submit it to the certificate authority for signing.

Procedure

  1. Log in to the Windows host that has access to the AD server as an administrator.

  2. On the Windows host that has access to the data center, log in to the NSX Manager Web interface.

    1. Open a Web browser and go to following URL. |NSX Manager|URL| |:----------|:--| |NSX Manager for the management cluster|https://mgmt01nsxm01.sfo01.rainpole.local| |NSX Manager for the shared compute and edge cluster|https://comp01nsxm01.sfo01.rainpole.local|

    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      nsx_manager_admin_password

  3. Click Manage Appliance Settings.

  4. In the Settings pane on the left, click SSL Certificates.
  5. Under SSL Certificates on the right, click Generate CSR.

  6. In the Generate Certificate Signing Request dialog box, provide the following information, and click OK.

    CSR Info

    Value

    Algorithm

    RSA

    Key size

    2048

    Common Name

    • mgmt01nsxm01.sfo01.rainpole.local

    • comp01nsxm01.sfo01.rainpole.local

    Organization Unit

    Rainpole

    Organization Name

    Rainpole

    Locality Name

    SFO

    State Name

    CA

    Country Code

    US

  7. Under SSL Certificates, click Download CSR.

    VMware NSX downloads a CSR file called NSX to the default download directory.

  8. Copy the NSX file to the following local directory on the Windows host that you use to access the data center.

    Create the directory if necessary.

    |NSX Manager Instance|Directory on the Windows Host| |:-------------------|:----------------------------| |mgmt01nsxm01.sfo01.rainpole.local|C:\manual-certs\nsx\mgmt01nsxm01.sfo01| |comp01nsxm01.sfo01.rainpole.local|C:\manual-certs\nsx\comp01nsxm01.sfo01|

  9. Rename the file adding the .csr extension at the end of the file name.

    NSX Manager

    File Name

    mgmt01nsxm01.sfo01.rainpole.local

    mgmt01nsxm01.sfo01_ssl.csr

    comp01nsxm01.sfo01.rainpole.local

    comp01nsxm01.sfo01_ssl.csr

What to do next

Obtain a signed certificate from the Microsoft certificate authority. See Generate CA-Signed Certificates for the SDDC Management Components in Region A .

Parent topic: Generate Manually Key Pairs and Certificate Signing Requests for the Management Components in Region A

results matching ""

    No results matching ""