Hello all,
Need to renew the NSX-T certificates. I will use self signed ones. I have a cluster with 3 managers.
I notice that the actual certificates of mp-cluster and the tomcat certificate for node 1, are issued to the hostname of manager one, and not to the fqdn. For node2 and node 3 the certificates are issued for the fqdns.
My question is:
When i generate new certificates, in this case for node1 and mp-cluster, should i use the fqdn, or only the hostname?
Thanks.
Regards.
If you can, issue a certificate to the FQDN of the vIP and add the individual host names as Subject Alternative Names (SANs) along with the vIP ID. You should have 4 total SANs, unless you have the ability to also add the IP address (then it should be 😎
This will allow your NSX managers to authenticate either when addressed individually or as a cluster member.
If you can, issue a certificate to the FQDN of the vIP and add the individual host names as Subject Alternative Names (SANs) along with the vIP ID. You should have 4 total SANs, unless you have the ability to also add the IP address (then it should be 😎
This will allow your NSX managers to authenticate either when addressed individually or as a cluster member.
Hello,
1. Can we extend the duration of an expired certificate?
2. You advised entering SAN (VIP and three manager nodes with FQDN) for a certificate, but in the CSR generating process we only can enter the Common name, there is no section for entering SAN?