NSX Edge vs vShield Edge: Part 4 – Generating Self Signed SSL Certificates

Overview:

With the VSE and NSX Edges there are a number of features that can take advantage of Certificate services both as authentication mechanisms and for more traditional SSL Server Certificate termination. In both the VSE and NSX Edges you have the ability to Generate or Import a certificate with the following being a quick overview of how to generate a self signed certificate which can then be used for Edge services. In this post I am only going to go through the Web Client setup and not list the API commands as with other posts in this series…there is no vCloud Director UI to configure certificates.

Configuring Self Signed SSL Certificate From Web Client:

Double Click on the Edge under the NSX Edge Menu Option in Networking and Security, Select the Manage Tab and Click on the Certificates Option in the Menu. Click on Actions and Generate CSR.

The following entries are required to create the request:

Once completed the CSR will be shown in the PEM Encoding Box. This needs to be copied to complete the request if the CSR is to be completed externally.

Select the Certificate in the Main Window and drop down the Actions item and choose Self Sign Certificate.

Enter in the days required (generally this should be between 1-3 years)

Once completed you will see a new SSL Cert appear in the Certificates main window which is of Type Self Signed

The SSL Certificate can now be used for EDGE Services.

Further Reading:

http://pubs.vmware.com/NSX-61/topic/com.vmware.ICbase/PDF/nsx_61_api.pdf 

Leave a Reply