This article focusing on the main piont to help to renew the local NSX-T sertificates:
Use REST API requests by Postman for example.
use admin credentials to make API requests.
STEP x: Generate self signed certificate:
Make sure that when this certificate was imported, the option Service Certificate was set to No
STEPx: Validate the cetrificate:
- The basic API call for this is: GET https://<nsx-mgr>/api/v1/trust-management/certificates/<cert-id>?action=validate>
Responce shuld be: "status": "OK"
POST https://<nsx-local-mgr>/api/v1/trust-management/certificates?action=set_pi_certificate_for_federation { "cert_id": "c5f13ec0-8075-441e-80b5-aeb707f6b87e", "service_type": "LOCAL_MANAGER" }
Main article for more information:
After implementation test:
Search the cert ID and section "used_by" should represent where the cert is in use.