How to set CA Signed Certificate in NSX-t using Powershell

When you are trying to set a CA signed certificate as certificate the official documentation points out that you have to apply the certificate via REST API. All the rest is done easily via GUI but the most important step is missing from the UI. I hope this will be implemented via UI as well.

Assign a Virtual IP Address and Certificate to the NSX-T Manager Cluster (

From the documentation they suggest using Postman but i wanted to do it via PowerShell and here is how to do it:

$user = "admin"
$pass = 'Password'

$CertID = "649d0782-c052-4ea0-b0ae-504e14ebbec1"


#No more editing down here ;) 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
    Authorization = $basicAuthValue

foreach($Node in $NodeIPs)
	#Call this rest method to apply certificate, run this for all IP´s of multiple nodes individually 
	Invoke-RestMethod -ContentType 'application/xml' -Header $Headers -Method Post -URI "https://$Node/api/v1/node/services/http?action=apply_certificate&certificate_id=$CertID" 

#Call this rest method to apply the cluster certificate for the virtual IP
Invoke-RestMethod -ContentType 'application/xml' -Header $Headers -Method Post -URI "https://$ClusterIP/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=$CertID"

You have to reboot the nodes one-by-one to apply the node certificates but the cluster cert should be applied immediately.

Hope I was able to help you. Cheers

Leave a Reply