You can generate a CSR and get it signed by a CA. If you generate a CSR at the global level, it is available to all NSX Edges in your inventory.

1

Do one of the following.

Option

Description

To generate a global certificate

a

Log in to the NSX Manager Virtual Appliance.

b

Click the Manage tab and then click SSL Certificates.

c

Click Generate CSR.

To generate a certificate for an NSX Edge

a

Log in to the vSphere Web Client.

b

Click Networking & Security and then click Edge Services.

c

Double-click anNSX Edge.

d

Click the Manage tab and then click Settings.

e

Click the Certificates link.

f

Click Actions and select Generate CSR.

2

Type your organization unit and name.

3

Type the locality, street, state, and country of your organization.

4

Select the encryption algorithm for communication between the hosts.

Note that SSL VPN-Plus only supports RSA certificates.

5

Edit the default key size if required.

6

For a global certificate, type a description for the certificate.

7

Click OK.

The CSR is generated and displayed in the Certificates list.

8

Have an online Certification Authority sign this CSR.

9

Import the signed certificate.

a

Copy the contents of the signed certificate.

b

Do one of the following.

To import a signed certificate at the global level, click Import in the NSX Manager Virtual Appliance.

To import a signed certificate for an NSX Edge, click Actions and select Import Certificate in the Certificates tab.

c

In the Import CSR dialog box, paste the contents of the signed certificate.

d

Click OK.

The CA signed certificate appears in the certificates list.