During my study for the VCIX-NV exam I was writing a post on using the REST API client in Google Chrome when I hit an issue connecting to my NSX Manager via the API call. The error message that I received was below.
Could not get any response This seems to be like an error connecting to https://nsxmanager.vcloud.local/api/2.0/services/ssoconfig. The response status was 0. Check out the W3C XMLHttpRequest Level 2 spec for more details about when this happens.
After checking the certificate on NSX Manager, I noticed that the certificate showed localhost rather than the actual hostname for the NSX Manager, which in my case is nsxmanager.vcloud.local
To resolve this I had to implement a new CA signed certificate on the NSX Appliance so I thought I would document the process for anyone that was experiencing similar issues, or just wanted to replace their NSX Mamanger Certificate with a CA certificate.
Step 1. Log into the NSX Manager Web interface and navigate to Manage -> SSL Certificates and select Generate CSR Fill out the appropriate information as shown below.
Step 2. Then select the Download CSR button to save your signing request. The download does not give you a .csr file but instead gives you a file with the type “File.”
Step 3. Open the certificate with Notepad and you should see something similar to:
-----BEGIN CERTIFICATE REQUEST----- MIICtjCCAZ4CAQAwczEgMB4GA1UEAwwXbnN4bWFuYWdlci52Y2xvdWQubG9jYWwx DzANBgNVBAoMBlZNd2FyZTEPMA0GA1UECwwGVk13YXJlMRMwEQYDVQQHDApCcm9v bWZpZWxkMQswCQYDVQQIDAJDTzELMAkGA890-81UEBhMCVVMwggEiMA0GCSqGSIb AQUAA4IBDwAwggEKAoIBAQDFz1m5j2B4F9CLX68sL867uRHmjivrFy1lWrC+OuZ+ BUlFgGf3vS86x5+qsfqhmMjd7868ZYeD3AWbF5Tt78sZauipAYERLoN2eFQOAwGM T5fiG4nKjapsMm1Ok2mVr4Wx5345hLQ/1rf5cY/GSF0ACoZq6I3M7WFWQsJIF07+ 6zSJgNPu3N5vb+6NiH9PHVcKOv5p5Fjsgp+u8H5YTZ23ljhuXnNE4opfVtTeRTVj rK9/vZpSo/YWOWGObmmZaNi6oARbvY1w5QexMDLnzbaNwq1L/VCkqcjPWa7rqg7W ET8daRDtq8irQzKEYtus0SnmOYtPN786QR/lsAKWz5WtZRAgMBAAEwDQYJKoZIhv AQELBQADggEBAAOWpE4LZFNjyaM3ihDDqfOrZNBp3CIhrUCJjNKdgqVHdwGqGIu1 WtMHppu89EMHF6riON+TQ68qBd1itUBYypX78VdjWbzWNO6helYvBf6kXzb5UE5M 02o7C85OOFHK6IEg+HP9tY9FfjPEKyurp80OCpiHEcQEem4Z08H7StN9AIy93N/5 r2bRcQJYOUkVHVLpExCvoCmsCQz6i2H09uitPOdAbqGEYIGe5Rl3B303kf2FXWLM E5K0jBXHkvEs6e63ZbeFQPtA9m6fYFXg6mw= -----END CERTIFICATE REQUEST-----
Step 4. Copy paste the entire contents of that file and go get the certificate signed by your CA. If you have an Internal Microsoft CA, I have provided the steps below. First log into your Microsoft Active Directory Certificate Server Web Server by navigating to http://FQDN_or_IP/certsrv I used local host as I was on the Active Directory CA server. Click on Request a certificate
Step 5. Select advanced certificate request
Step 6. Paste the contents from your NSX Certificate Signing Request (CSR), Select your Certificate Template then click Submit
Step 7. Select Base 64 encoded and Download certificate chain
Step 8. Open up the chain file and drill down to Certificates
Step 9. Right Click on the nsxmanager certificate and select All Tasks -> Export
Step 10. Click Next on the Wizard, then select Base-64 encoded X.509 (.CER) and hit Next
Step 11. Provide a File Name (I used nsxmanager.cer) then hit Next then Finish
Step 12. Follow the same steps above to export your root certificate (I named mine root.cer).
Step 13. You should now have an nsxmanager.cer and a root.cer. You will need to combine these two files to a file called chain.cer. You can do that by opening a command prompt, navigating to the directory, and running the following command.
copy nsxmanager.cer+root.cer chain.cer
Step 14. Once you have the chain.cer log back into the NSX Manager Web Interface and select Import and provide your chain.cer file. You should now see your new certificate and root certificate as show below.
Step 15. In order for my certificate to show up properly, I had to reboot NSX Manager. Once that was complete, I could see the trusted certificate.
Phew! Now I can get back to NSX REST API calls and studying for my VCIX-NV exam next week. If you haven’t already been following the progress, I have a lot of good information up for studying here. Let me know if you have any questions or run into any problems that I may be able to help you out with during your NSX Manager certificate replacement!