I have an NSX manager with fqdn
The domain has been updated and changed to
nsxmgr.my.newdomain.com, dns records edited etc. and the NSX Manager VM reflects that in it's networking, hostname, dns configuration.
However the Self-Signed cert still shows up as nsxmgr.my.olddomain.com
This is causes API calls from an app written by our front end devs to bork. As the cert fqdn (CN) doesn't match the fqdn of the VM itself.
I DO NOT WANT to replace the current cert with a CA signed one. I know how to build a Windows CA/PKI thanks. But I don't want to.
I just want an API call or option to get the NSX Manager to re-issue itself with a cert based on it's new FQDN.
I can't find anything in the API docs (other than browsing existing certs or the usual CSR generation and import/export of a new externally signed certs)
I've tried SSH but as you get a Cisco-esque high-level command interface you can't checkout the rui.key/rui.crt as you can on a VCSA, if it even exists.
Answers on a postcard please?
1. install openssl somewhere (in your pc for example)
2. create config file e.g. nsxcert.cfg
3. create CSR and export private keys in openssl with option -config nsxcert.cfg
4. create a self-signed .crt from the .csr in #3
5. convert .crt to .p12, take note the password
6. import cert to NSX via NSX Manager UI