Currently have VCF setup with NSX (both -V and -T) whose certificates were signed by our internal Microsoft CA.
When going to the web interface to manage things for NSX I get the cert warning in Chrome because there is no subject alternate name (SAN) attribute. I’m told this is because NSX doesn’t support creating a cert request with any additional fields.
My question: Can I generate a new csr request (via SDDC manager) for the NSX components (both v and t) then manually request a certificate from our internal Microsoft CA and use the attributes field on the web page to add in the missing SAN value?
Technically I know this will work but will NSX complain if I try to use SDDC manager to replace the certificates when then original csr doesn’t have a SAN attribute but my certificate does?
View Reddit by lumpyloo – View Source