VMware Networking Community
pargit
Enthusiast
Enthusiast
‎02-26-2020 06:23 AM

replace nsx ssl certificate

hi,

i have 2 nsx-v 6.4.5 Build 13282012 connected to 2 vc's running vcsa 6.7u3

i created ssl request from the admin ui and generated the certificate in our ADCS (as i did with the vc's and vrops servers certificates).

i used the ca template i created for the vc (using microsoft guideline for vcenter 6.7 certificate).

when i load the new certificate i still get browsers security errors on the certificate.

i noticed that the cert is missing the Subject Alternative name which most browsers requier today (and might be the reason for the error)

my question is, can i generate a "normal" certificate with private key using my ca and load it (with the key) to the nsx manager? is that supported?

is there a way to generate the request from the nsx admin with the subject alt name?

thanks

Mordechai

0 Kudos
2 Replies
Alex_Romeo
Leadership
Leadership
‎02-26-2020 07:31 AM

Hi,

Did you perform these steps?

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
pargit
Enthusiast
Enthusiast
‎02-26-2020 10:33 PM

Yep. Step by step.

i used this guide to create the ca template for the vc

https://vmarena.com/microsoft-certificate-authority-template-creation-for-ssl-certificate-in-vsphere...

and this guide for the nsx cert.

vGarethLewis - NSX Manager - Replacing the SSL Certificate

but still, both chrome and edge (canari dev version) and ie11 show the certificate as "Not secured"

From other certificates I recently created I know that modern browsers are requesting also the "Subject Alt. Name" field also.

any thoughts?

Thanks

Mor

0 Kudos