Creates CSR and 4096 bit KEY
Creating NSX 6.4.2 SSL
openssl req -out nsxcert.csr -newkey rsa:4096 -nodes -keyout nsxcert.key -config dc1vc2nsxmgr01.cnf
Log into WIndows PKI
Open CSR in Notepad++ then paste into the Windows PKI Cert web:
https://nsmvpkiweb01/certsrv/
Request a Cert
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Cert Template: VSphere6.5 (Drop down)
On Windows PKI server for vCenter SSL cert you will need the **Base 64 encode**:
nsxcert.cer (machine cert)
nsxcert.p7b (CA chain) Carries Sub and Root CA information
Open
nsxcert.p7b Extract Sub and Root CA and save as:
nsx-sub-root.cer
nsx-root.cer
(Know order sequence)
Copy 3 files to the workstation with OPENSSL BIN directory
nsxcert.cer
nsx-sub-root.cer
nsx-root.cer
**Have nsxcert.key in same BIN directory**
Use notepad++
machine+key+sub+root
save as .PEM
example: nsx-sub-root.pem
Convert PEM to PFX using OpenSSL
openssl pkcs12 -export -out nsx.pfx -inkey vransxcert.key -in nsx-machine.cer -certfile nsx-sub-root.pem