VMware Networking Community
ChrisOk
Enthusiast
Enthusiast
‎03-18-2021 06:57 AM

[NSX-T 3.1] Export root ca certificate file of NSX-T manager

According to https://kb.vmware.com/s/article/2108294 for VMware vCenter you can download all certificate files including root ca file as followed:

Note: Direct URL to download the Certificate is https://vCenter_FQDN/certs/download.zip (Example - https://vcenter.domain.com/certs/download.zip).

How can I download / export all certificate on a NSX-T manager node?

0 Kudos
1 Reply
shank89
Expert
Expert
‎03-18-2021 01:33 PM

So under the hood of the nsx manager appliance it's all ubuntu, with the ca-certificates package installed.  Not saying this is what you are after, but I haven't been able to find a nice way of doing this yet.

On the appliance as root, you could run this -  openssl s_client -showcerts -verify 5 -connect nsxmgr:443 < /dev/null, the certs should be at the top of the list.  I think they may be the ones you need.  You could save them to a file.

Or GET https://nsxmgr/v1/trust-management/certificates/ may have the one you are after.

 

Again not too sure if this is what you are after, just something I have found.

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
0 Kudos