Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
VMware NSX Cookbook

You're reading from   VMware NSX Cookbook Over 70 recipes to master the network virtualization skills to implement, validate, operate, upgrade, and automate VMware NSX for vSphere

Arrow left icon
Product type Paperback
Published in Mar 2018
Publisher Packt
ISBN-13 9781782174257
Length 584 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (2):
Arrow left icon
Tony Sangha Tony Sangha
Author Profile Icon Tony Sangha
Tony Sangha
Bayu Wibowo Bayu Wibowo
Author Profile Icon Bayu Wibowo
Bayu Wibowo
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Getting Started with VMware NSX for vSphere FREE CHAPTER 2. Configuring VMware NSX Logical Switch Networks 3. Configuring VMware NSX Logical Routing 4. Configuring VMware NSX Layer 2 Bridging 5. Configuring VMware NSX Edge Services Gateway 6. Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard 7. Configuring Cross-vCenter NSX 8. Backing up and Restoring VMware NSX Components 9. Managing User Accounts in VMware NSX 10. Upgrading VMware NSX 11. Managing and Monitoring VMware NSX Platform 12. Leveraging the VMware NSX REST API for Management and Automation 13. Other Books You May Enjoy

Replacing the NSX Manager certificate

When you first deploy the NSX Manager, it creates a self-signed certificate. Using a self-signed certificate is generally not a recommended security practice. It is recommended to deploy a signed certificate from your internal certificate authority. NSX Manager supports two ways of deploying a signed certificate, which are as follows:

  • Certificate signing request to a Certificate Authority (CA)
  • Importing a PKCS#12 certificate archive (bundle) onto the NSX Manager, which includes the private and public key for NSX Manager and certificate chain of any subordinate CAs in your environment

In the following recipes, we will explore how you can create a certificate signing request on NSX Manager and how to import a PKCS#12 certificate bundle onto the NSX Manager.

Certificate Signing Request

A Certificate Signing Request (CSR) is the first part in a three-step process; this process involves the following steps:

  1. The NSX Manager creating a CSR
  2. The CSR is sent as a request to the certificate authority, which then signs the certificate and sends back a signed certificate
  3. Importing the signed certificate into the NSX Manager

How to do it...

The procedure to complete a certificate signing request is as follows:

  1. Log into NSX Manager via your web browser
  2. Click on Manage Appliance Settings
  3. Click on SSL Certificates
  1. Click on Generate CSR and follow the prompts as per the following screenshot:
  1. Click on OK and select Download CSR
  2. Send the CSR file to your security administrator and get the certificate signed
  3. With the returned certificate, click on Import so you can import the correct certificate into the NSX Manager
  4. Reboot the NSX Manager to complete the process of importing a signed certificate into the NSX Manager

PKCS#12 certificate

Importing PKCS#12 into the NSX Manager is used when the certificate signing was not completed using the CSR method outlined in the previous recipe. The PKCS#12 format is typically used in scripted installations of NSX Manager and other components. If a CSR was not generated by the NSX Manager itself, it is required that the PKCS#12 archive is imported into NSX Manager.

The PKCS#12 archive generally consists of the following:

  • A signed server certificate
  • A private key for the signed certificate
  • Root and intermediate certificate authority public keys

The PKCS#12 is also password-protected, so it's important to have the password before attempting to import the PKCS#12 archive into NSX Manager.

In some cases, the received signed certificate may not be in the PCKS#12 format. In this event, you must convert the certificates into the PKCS#12 format for import into the NSX Manager. This can be achieved using openSSL (https://www.openssl.org/), and the command to achieve this is as follows:

openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CACert.crt  

How to do it...

The procedure to import the PCKS#12 archive is as follows:

  1. Log into the NSX Manager via your web browser
  2. Click on Manage Appliance Settings
  3. Click on SSL Certificates
  4. Click on Upload PCKS#12 Keystore and browse to the file
  5. Enter the password for archive and click on Import
  6. Reboot the NSX Manager to complete the process of importing the signed certificate
You have been reading a chapter from
VMware NSX Cookbook
Published in: Mar 2018
Publisher: Packt
ISBN-13: 9781782174257
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image