After you replace the certificates of all Platform Services Controller instances and all vCenter Server instances, replace the certificates for the NSX Manager instances. 

You replace certificates twice, once for each NSX Manager. You first start replacing certificates on the NSX Manager for the mgmt01nsxm01.sfo01.rainpole.local management cluster.

Certificate-Related Files on the NSX Manager Instances in Region A

NSX Manager FQDN

Certificate File Name

Replacement Time

mgmt01nsxm01.sfo01.rainpole.local

mgmt01nsxm01.sfo01.chain.cer from manual generation

mgmt01nsxm01.sfo01.4.p12 from the automation generation

After you replace the certificate on the Management vCenter Server

comp01nsxm01.sfo01.rainpole.local

comp01nsxm01.sfo01.chain.cer from manual generation

comp01nsxm01.sfo01.4.p12 from the automation generation

After you replace the certificate on the Compute vCenter Server

1

On the Windows host that has access to the data center, log in to the NSX Manager Web interface.

a

Open a Web browser and go to following URL. 

NSX Manager

URL

NSX Manager for the management cluster

https://mgmt01nsxm01.sfo01.rainpole.local

NSX Manager for the shared compute and edge cluster

https://comp01nsxm01.sfo01.rainpole.local

b

Log in using the following credentials.

Setting

Value

User name

 admin

Password

 nsx_manager_admin_password

2

On the Manage tab, click SSL Certificates, click Import and provide the certificate chain file.

3

Restart the NSX Manager to propagate the CA-signed certificate.

a

In the right corner of the NSX Manager page, click the Settings icon. 

b

From the drop-down menu, select Reboot Appliance.

4

Re-register the NSX Manager to the Management vCenter Server.

a

Open a Web browser and go to the NSX Manager Web interface.

Setting

Value

NSX Manager for the management cluster

https://mgmt01nsxm01.sfo01.rainpole.local

NSX Manager for the shared compute and edge cluster

https://comp01nsxm01.sfo01.rainpole.local

b

Log in using the following credentials. 

Setting

Value

User name

 admin

Password

 nsx_mngr_admin_password

c

Click Manage vCenter Registration.

d

Under Lookup Service, click the Edit button.

e

In the Lookup Service dialog box, enter the following settings, and click OK.

Setting

Value

Lookup Service IP

sfo01psc01.sfo01.rainpole.local

Lookup Service Port

443

SSO Administrator User Name

administrator@vsphere.local

Password

vsphere_admin_password

f

In the Trust Certificate? dialog box, click Yes.

g

Under vCenter Server, click the Edit button.

h

In the vCenter Server dialog box, enter the following settings, and click OK.

Setting

Value for the NSX Manager for the Management Cluster

Value for the NSX Manager for the Shared Edge and Compute Cluster

vCenter Server

mgmt01vc01.sfo01.rainpole.local

comp01vc01.sfo01.rainpole.local

vCenter User Name

svc-nsxmanager@rainpole.local

Password

svc-nsxmanager_password

i

In the Trust Certificate? dialog box, click Yes.

j

Wait until the Status indicators for the Lookup Service and vCenter Server change to Connected.

5

Repeat the steps for the NSX Manager for the shared compute and edge cluster.