Hello,
I am trying to replace default self-signed certificate of NSX-T Manager. I followed the procedure that explained on NSX-T Documentation but stuck in certification verification step.
The CSR is generated from NSX-T Manager UI under System, Certificates, CSRs tab. I used Microsoft CA and through submit the certificate request through Web enrolment interface.
I used Web Server certificate template, also another certificate template that I previously created for NSX-V, and exported the certificate chain with Base 64 encoded.
The exported certificate chain is imported to NSX-T but before replacing the certificate, I ran following REST API call to validate the certificate;
GET https://<nsx-mgr>/api/v1/trust-management/certificates/<certificate-id>?action=validate
But I got this error on Postman.
{
"status" : "ERROR",
"error_message" : "Certificate is not compliant as certificate of type SERVER: Basic constraints Extension is not present in the certificate"
}
I asked around but seems that many people had the same experince and couldn't replace the self-signed certificates.
Anyone could run this process with Microsoft CA successfully?
Best,
NetRock