VMware Networking Community
NealeC
Hot Shot

Method to cause NSX Manager to reissue self-signed cert after FQDN change

I have an NSX manager with fqdn

nsxmgr.my.olddomain.com

The domain has been updated and changed to

nsxmgr.my.newdomain.com, dns records edited etc. and the NSX Manager VM reflects that in its networking, hostname, dns configuration.

However the Self-Signed cert still shows up as nsxmgr.my.olddomain.com

This causes API calls from an app written by our front end devs to bork, as the cert fqdn (CN) doesn't match the fqdn of the VM itself.

I DO NOT WANT to replace the current cert with a CA signed one.  I know how to build a Windows CA/PKI thanks.  But I don't want to.

I just want an API call or option to get the NSX Manager to re-issue itself with a cert based on its new FQDN.

I can't find anything in the API docs (other than browsing existing certs or the usual CSR generation and import/export of new externally signed certs).

I've tried SSH but as you get a Cisco-esque high-level command interface you can't check out the rui.key/rui.crt as you can on a VCSA, if it even exists.

Answers on a postcard please?

-------------- If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Chris Neale VCIX6-NV;vExpert2014-17;VCP6-NV;VCP5-DCV;VCP4;VCA-NV;VCA-DCV;VTSP2015;VTSP5;VTSP4 http://www.chrisneale.org http://www.twitter.com/mrcneale
0 Kudos
1 Reply
bayupw
Leadership

try this:

1. install openssl somewhere (on your PC for example)

2. create config file e.g. nsxcert.cfg

3. create CSR and export private keys in openssl with option -config nsxcert.cfg

4. create a self-signed .crt from the .csr in #3

5. convert .crt to .p12, take note of the password

6. import cert to NSX via NSX Manager UI

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
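
Steps 2 to 5 of the reply above, as an added shell example that is not part of either post: it writes `nsxcert.cfg` for the new FQDN, self-signs the certificate and packs it into a `.p12`. The `nsxmgr.*` file names, the `P12_PASS` variable, the RSA-2048 key and the 365-day lifetime are assumptions; step 6 (the import) is still done in the NSX Manager UI.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: nsxmgr.key/.csr/.crt/.p12, P12_PASS.
# Usage: P12_PASS='...' sh make_nsx_cert.sh <fqdn> <outdir>

make_nsx_cert() {
    fqdn=$1; out=$2
    # Only plain hostname characters may reach the config file.
    case $fqdn in ''|*[!A-Za-z0-9.-]*) echo "bad FQDN" >&2; return 1;; esac
    [ -n "$P12_PASS" ] || { echo "set P12_PASS" >&2; return 1; }
    mkdir -p "$out" || return 1
    (
        umask 077            # private key and .p12 readable by the owner only
        export P12_PASS      # read by openssl via env:, so it never appears in argv
        cd "$out" || exit 1
        # Step 2: config file; CN and subjectAltName both carry the new FQDN.
        cat > nsxcert.cfg <<EOF
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $fqdn
[ v3_req ]
subjectAltName   = DNS:$fqdn
extendedKeyUsage = serverAuth
EOF
        # Step 3: new private key plus CSR built from the config.
        openssl req -new -newkey rsa:2048 -nodes -config nsxcert.cfg \
            -keyout nsxmgr.key -out nsxmgr.csr || exit 1
        # Step 4: self-sign. -extfile is given again so the SAN is certain to be
        # in the certificate, whether or not x509 -req copies CSR extensions.
        openssl x509 -req -in nsxmgr.csr -signkey nsxmgr.key -days 365 -sha256 \
            -extfile nsxcert.cfg -extensions v3_req -out nsxmgr.crt || exit 1
        # Step 5: bundle key and certificate as PKCS#12 for the import.
        openssl pkcs12 -export -in nsxmgr.crt -inkey nsxmgr.key -name nsxmgr \
            -out nsxmgr.p12 -passout env:P12_PASS || exit 1
    )
}

# Succeeds only if the certificate has a SAN entry exactly equal to DNS:<fqdn>.
cert_names_host() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -qxF "DNS:$2"
}

if [ "$#" -eq 2 ]; then make_nsx_cert "$1" "$2" && cert_names_host "$2/nsxmgr.crt" "$1"; fi
```

Running `cert_names_host` against the new `.crt` before importing confirms the certificate names the new FQDN rather than the old one.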