Replace the NSX Manager Certificates in Region B
After you replace the certificates of all Platform Services Controller instances and all vCenter Server instances, replace the certificates for the NSX Manager instances.
About this task
You replace certificates twice, once for each NSX Manager. You start by replacing certificates on NSX Manager for the mgmt01nsxm51.lax01.rainpole.local management cluster.
| NSX Manager FQDN | Certificate File Name | Replacement Time |
|---|---|---|
| mgmt01nsxm51.lax01.rainpole.local | - mgmt01nsxm51.lax01.chain.cer from manual generation |
mgmt01nsxm51.lax01.4.p12 from the CertGenVVD tool|After you replace the certificate on the Management vCenter Server| |comp01nsxm51.lax01.rainpole.local|- comp01nsxm51.lax01.cer.chain.cer from manual generation
comp01nsxm51.lax01.4.p12 from the CertGenVVD tool|After you replace the certificate on the Compute vCenter Server|
Procedure
On the Windows host that has access to the data center, log in to the NSX Manager Web interface.
Open a Web browser and go to following URL. |NSX Manager|URL| |:----------|:--| |NSX Manager for the management cluster|https://mgmt01nsxm51.lax01.rainpole.local| |NSX Manager for the shared compute and edge cluster|https://comp01nsxm51.lax01.rainpole.local|
Log in using the following credentials.
Setting
Value
User name
admin
Password
nsx_manager_admin_password
On the Manage tab, click SSL Certificates, click Import and provide the certificate chain file.
Restart the NSX Manager to propagate the CA-signed certificate.
- In the right corner of the NSX Manager page, click the Settings icon.
- From the drop-down menu, select Reboot Appliance.
Re-register the NSX Manager to the Management vCenter Server.
Open a Web browser and go to the NSX Manager Web interface. |NSX Manager|URL| |:----------|:--| |NSX Manager for the management cluster|https://mgmt01nsxm51.lax01.rainpole.local| |NSX Manager for the shared compute and edge cluster|https://comp01nsxm51.lax01.rainpole.local|
Log in using the following credentials.
Setting
Value
User name
admin
Password
nsx_mngr_admin_password
Click Manage vCenter Registration.
- Under Lookup Service, click the Edit button.
In the Lookup Service dialog box, enter the following settings, and click OK.
Setting
Value
Lookup Service IP
lax01psc51.lax01.rainpole.local
Lookup Service Port
443
SSO Administrator User Name
Password
vsphere_admin_password
In the Trust Certificate? dialog box, click Yes.
- Under vCenter Server, click the Edit button.
In the vCenter Server dialog box, enter the following settings, and click OK.
Setting
Value for the NSX Manager for the Management Cluster
Value for the NSX Manager for the Shared Edge and Compute Cluster
vCenter Server
mgmt01vc51.lax01.rainpole.local
comp01vc51.lax01.rainpole.local
vCenter User Name
Password
svc-nsxmanager_password
In the Trust Certificate? dialog box, click Yes.
- Wait until the Status indicators for the Lookup Service and vCenter Server change to
Connected.
Repeat the steps for the NSX Manager for the shared compute and edge cluster.
Reconnect to the NSX Manager instances in Region A.
- Open a Web browser and go to https://mgmt01vc51.lax01.rainpole.local
Log in using the following credentials. |Setting|Value| |:------|:----| |User name|[email protected]| |Password|vsphere_admin_password|
From the vSphere Web Client Home menu, select Networking & Security.
- Click Installation in the Navigator.
- On the Management tab , select the 172.17.11.65 instance from the NSX Manager menu.
- If primary and secondary nodes are not syncing correctly
- Select Actions > Disconnect from Primary NSX Manager.
- On the Management tab , select the 172.16.11.65 instance from the NSX Manager drop-down menu.
- Select Actions > Add Secondary NSX Manager
In the Add Secondary NSX Manager dialog box, enter the following settings and click OK. |Setting|Value| |:------|:----| |NSX Manager|172.17.11.65| |Username|admin| |Password|mgmtnsx_admin_password| |Confirm Password|mgmtnsx_admin_password|
In the Trust Certificate confirmation dialog box, click Yes.
Repeat 6e to 6k for the NSX Manager instances for the shared edge and compute cluster.
Reconnect the 172.17.11.66 secondary NSX Manager for the shared edge and compute cluster in Region B to the primary NSX Manager 172.16.11.66 for the shared edge and compute cluster in Region A.
Reconnect the NSX Manager instances to vRealize Operations Manager.
- Open a Web browser and go to https://vrops-cluster-01.rainpole.local.
Log in using the following credentials. |Setting|Value| |:------|:----| |User name|admin| |Password|vrops_admin_password|
In the left pane of vRealize Operations Manager, click Administration and click Certificates.
- Select the row that contains
CN=mgmt01nsxm51.lax01.rainpole.localand click the Delete icon. - Select the row that contains
CN=comp01nsxm51.lax01.rainpole.localand click the Delete icon. - In the left pane of vRealize Operations Manager, click Administration and click Solutions.
- From the solution table on the Solutions page, select the Management Pack for NSX-vSphere solution, and click the Configure icon at the top.
- In the Manage Solutions dialog box, from the Adapter Type table at the top, select NSX-vSphere Adapter.
- Click the mgmt01nsxm51-lax01 adapter instance, click Test Connection, accept the new certificate and click Save settings.
- Click comp01nsxm51-lax01 adapter instance, click Test Connection, accept the new certificate and click Save settings.
Parent topic: Replace Certificates of the Virtual Infrastructure Components in Region B
Previous topic: Replace the Default Certificate with a Custom Certificate on the ESXi Hosts in Region B
Next topic: Replace the Certificate of vSphere Data Protection in Region B