Tomcat : for external communication from nsx manager nodes
mpc luster: for external communcation from nsx manager to nsx manager cluster.
local manager : for nsx federation account
by default these there certificate are valid till 825days .
1. Login to NSX Manager
2. Go to System -> certificate
3. Once you verify the Certificate validation for Mpcluster , tomcat and localManager . then proceed for the replacement of the certs , Here i am trying to replace the Certificate for localManager which is going to expire Aug 15 2025 .
4. Generate the CSR Using the existing information and Click Generate
5. Now click on the CSR which you have generated in step 4 , in my case its for localManager.
6. Select LocalManager -> Action-> Self sign certificate for CSR - >
keep 825 days default value and click Save
7. once the certificate is created , if we go into the Certificate tab , we will see two certs for localManager. one with old version and one with new one which we created.
8. Download postman for publishing the certificate .
9. open postman -> create new request
10. Keep params default
11. Authorization : ender admin and password
12. Headers : enter value as application\json
13. Under Body select radio button on raw and JSON
{ "cert_id": "certificate 6df5417c-a6f5-43bf-82d4-c9cd0131cc77",
"service_type": "LOCAL_MANAGER" }
how to find Certificate Id : Login to the NSX-> Certificate -> Newly Created Certificate expand it u will see the ID as show below.
16. Click on Send , this will pass the certificate to nsx manager .
Kommentare