How to set a CA-signed certificate in NSX-T using PowerShell

When you want to use a CA-signed certificate on NSX-T, the official documentation points out that you have to apply the certificate via the REST API. Everything else is easily done in the GUI, but the most important step is missing from the UI. I hope this will be implemented in the UI as well.

Assign a Virtual IP Address and Certificate to the NSX-T Manager Cluster (vmware.com)

The documentation suggests using Postman, but I wanted to do it via PowerShell, and here is how to do it:

$user = "admin"
$pass = 'Password'

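# ID of the CA-signed certificate already imported into NSX-T
$CertID = "649d0782-c052-4ea0-b0ae-504e14ebbec1"

$ClusterIP="IPorFQDNforyourClusterIP.domain"
# Management IP of every manager node, each listed once
$NodeIPs=@("172.21.80.15","172.21.80.16","172.21.80.15")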

#No more editing down here ;) 


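[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Accept any server certificate for this session, because the nodes still present
# their self-signed certificate at this point. This works in Windows PowerShell 5.1 only;
# on PowerShell 7 pass -SkipCertificateCheck to Invoke-RestMethod instead.
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy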


$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$Headers = @{
    Authorization = $basicAuthValue
}

foreach($Node in $NodeIPs)
{
	#Call this REST method to apply the certificate; run it for the IP of each node individually
	Invoke-RestMethod -ContentType 'application/xml' -Headers $Headers -Method Post -URI "https://$Node/api/v1/node/services/http?action=apply_certificate&certificate_id=$CertID"
}

#Call this REST method to apply the cluster certificate for the virtual IP
Invoke-RestMethod -ContentType 'application/xml' -Headers $Headers -Method Post -URI "https://$ClusterIP/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=$CertID"

You have to reboot the nodes one by one to apply the node certificates, but the cluster certificate should be applied immediately.
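
To confirm the result after the reboots, the following added example (not part of the original post) connects to each node and the cluster VIP, reads the certificate that is actually served, and compares it with the expected thumbprint. `Get-TlsCertificate`, `$ExpectedThumbprint` (a placeholder) and the endpoint list are assumptions; revocation checking is switched off on the assumption that the internal CA's CRL may not be reachable from the admin workstation.

```powershell
# Added example: the names below are illustrative, not from the original script.
$ExpectedThumbprint = '<THUMBPRINT-OF-YOUR-CA-SIGNED-CERT>'   # placeholder
# Sample values reused from the script above: two nodes plus the cluster VIP
$Endpoints = @('172.21.80.15', '172.21.80.16', 'IPorFQDNforyourClusterIP.domain')

function Get-TlsCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it stays usable after the stream is closed.
            return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

$wanted = $ExpectedThumbprint -replace '[^0-9A-Fa-f]'   # tolerate spaces or colons
foreach ($ep in $Endpoints) {
    try {
        $cert = Get-TlsCertificate -HostName $ep
        # Build the chain against the local trust store (the issuing CA must be trusted here).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: CRL not reachable
        [pscustomobject]@{
            Endpoint     = $ep
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            IsExpected   = ($cert.Thumbprint -eq $wanted)
            ChainTrusted = $chain.Build($cert)
        }
    } catch {
        # Node unreachable or handshake failed (for example, mid-reboot)
        [pscustomobject]@{ Endpoint = $ep; Subject = "ERROR: $($_.Exception.Message)" }
    }
}
```

A node that still shows `IsExpected = False` has not picked up the new certificate yet. Once every endpoint reports `True` with `ChainTrusted = True`, later scripts can drop the `TrustAllCertsPolicy` block and validate certificates normally.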

Hope I was able to help you. Cheers
