In SDDC Manager I replaced the certs in the MGMT without issue. I couldn't use the automated Microsoft CA process, so I had to generate a CSR bundle and then manually generate the certs with our internal Microsoft CA and upload the completed .tar.gz file.
On the next domain the process is stuck, though. After replacing the vCenter cert in that domain, it has not gone on to the next components (VxRail Manager and NSX-T Manager). The folders output by that CSR bundle have a lot more NSX-T Manager VMs listed in the GUI; I put a certificate into each folder just like the MGMT domain... not sure if that caused any issue.
Has anyone seen this before or know how to force the process to fail, or do I need to open a support request?
Once we're on the topic of certificates, is there any issue if I redo the certificate replacement process but just target the NSX component in MGMT? I discovered that the NSX .csr doesn't include a subject alternate name, unlike all the other components. Chrome is reporting the certs as invalid as a result. If someone from VMware sees this, can NSX (both -V and -T) be fixed to include a subject alternate name in its request?
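The missing subject alternative name described in the post above can be caught before the CSRs are submitted to the CA. The following is an added example, not part of the original post or of any VMware tooling: a POSIX shell check built on `openssl req`, where the `<bundle>/<component>/<name>.csr` layout, the `example.test` hostnames and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report which CSRs in an extracted bundle request no subjectAltName.
# Assumed (hypothetical) layout: <bundle>/<component>/<name>.csr

# Print "OK <san list>", "NO-SAN" or "UNREADABLE" for one CSR file.
csr_status() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || { echo UNREADABLE; return 0; }
    san=$(printf '%s\n' "$text" |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        sed 's/^ *//; s/ *$//')
    if [ -n "$san" ]; then echo "OK $san"; else echo NO-SAN; fi
}

# Print one line per CSR; the return code is the number of CSRs that are not OK.
audit_bundle() {
    bad=0
    for csr in "$1"/*/*.csr; do
        [ -f "$csr" ] || continue
        status=$(csr_status "$csr")
        printf '%-10s %s\n' "${status%% *}" "$csr"
        case $status in OK*) ;; *) bad=$((bad + 1)) ;; esac
    done
    return "$bad"
}

# Constructed sample data: two throwaway CSRs, one with a SAN and one without.
make_sample_bundle() {
    mkdir -p "$1/vcenter.example.test" "$1/nsx.example.test"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/vcenter.example.test/vcenter.key" \
        -subj '/CN=vcenter.example.test' \
        -addext 'subjectAltName=DNS:vcenter.example.test' \
        -out "$1/vcenter.example.test/vcenter.csr" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/nsx.example.test/nsx.key" \
        -subj '/CN=nsx.example.test' \
        -out "$1/nsx.example.test/nsx.csr" 2>/dev/null
}

# Demo run on the constructed bundle.
demo=$(mktemp -d)
make_sample_bundle "$demo"
audit_bundle "$demo" || echo "$? CSR(s) lack a usable SAN"
rm -rf "$demo"
```

The `-addext` option used to build the sample data requires OpenSSL 1.1.1 or later; the audit functions themselves only need `openssl req -text`.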
Look in the attached document (page 24); it can be useful:
Install Certificates with the Microsoft Certificate Authority
You can generate a CSR and signed certificates, and install them for selected resource components directly in the SDDC Manager Dashboard.
I am also attaching a document for the CA VXRAIL.
The time required to issue a new SSL certificate depends on many factors. The SSL certificate type, the validation process, and how quickly you respond with requested information from us or the certificate authority communications