When you generate at Global Level and Import at Global Level.CA signed certificate is applicable for all the edges(1:Many Mapping).However you can explicitly create CSR of each Edge(1:1 mapping) and Import only for those edges as well. Depending upon the business use case you can create/import accordingly.

For eg: If i have multiple tenants and i'm using VSE features,i would prefer creating a separate certificate for each Edge rather doing creating CSR at Global Level and getting applied to all edges.

However for encrypting information sent to the VCNS,we will create CA singed cert of Management software as well(1:1 mapping)

Hello,

I get that I can create a signed cert. for the Edge, but I'm confused as to how I can import it.

Here is the procedure I have been following:

I log into vCNS -> my data center -> Network Virtualization -> Edges, then double click my edge device -> configure -> certificates -> actions -> generate CSR

I then copy the contents from the PEM Encoding text box.

I log into my CA server (MS CA Services)

I click Request a Certificate -> click Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or submit a renewal....

I paste the contents of the CSR and submit.

The CA admin approves the request.

In the CA server I can then download a filename.cer file.

At this point I do back into vCNS -> edge certificate screen, when I click the actions -> import certificate, its expecting my to submit the contents of a signed certificate. Which I can't do because the filename.cer file is encrypted. Am I doing something wrong in regards to generating the CSR, the type of certificate I'm getting signed...or am I way off base with the entire signed certificate process?