An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP. Which is the correct way to implement this change?
A.
Send an API call to https://<nsx-mgr>/api/v1/cluster/api-certificate? action=set_cluster_certificate&certificate_id=<certificate_id>
B.
Send an API call to https://<nsx-mgr>/api/v1/node/services/http? action=apply_certificate&certificate_id=<certificate_id>
C.
SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install <certificate_id>
D.
SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install <certificate_id>
Should be A
https://docs.vmware.com/en/VMware-Validated-Design/5.0.1/com.vmware.vvd.sddc-nsxt-domain-deploy.doc/GUID-B7019BCE-4FA1-40BB-8DC2-EE47967A47F1.html
A should be correct - see example with screenshots at https://www.vexpert.cloud/how-to-replace-ca-signed-certificate-in-nsx-t-manager/
example POST https://<nsx-mgr>/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=d60c6a07-6e59-4873-8edb-339bf75711ac
A is the correct option based on the ICM 4 lecture:
You can replace the certificate for a manager node or the manager cluster virtual IP (VIP) by making an API call:
• To replace the certificate of a manager node, use the POST API call:
https://<nsx-mgr>/api/v1/node/services/http?action=apply_certificate&certificate_id=<certificate_id>
• To replace the certificate of the manager cluster VIP, use the POST API call:
https://<nsx-mgr>/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=<certificate_id>
Correct answer : A
VM docs : https://vdc-download.vmware.com/vmwb-repository/dcr-public/ce4128ae-8334-4f91-871b-ecce254cf69e/488f1280-204c-441d-8520-8279ac33d54b/api_includes/method_SetClusterCertificate.html
B is the answer:
Step 5 in the NSX-T documention:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-50C36862-A29D-48FA-8CE7-697E64E10E37.html
A for sure.
https://docs.vmware.com/en/VMware-Validated-Design/5.0.1/com.vmware.vvd.sddc-nsxt-domain-deploy.doc/GUID-B7019BCE-4FA1-40BB-8DC2-EE47967A47F1.html
Correct Answer: C
2 Step Process:
Step 1. SSH as admin into the NSX manager with the cluster VIP and run nsxcli cluster certificate vip install certificate_id=<certificate_id>
Step 2. Send an API call to https://<nsx_mgr_vip>/api/2.0/services/trustmanagement/cluster_certificate/install?cluster_certificate_id=<certificate_id>
These steps are consistent with the VMware NSX Documentation, which states that you need to install the SSL certificate for the cluster VIP on both the NSX Manager node and the cluster using the nsxcli command and the API call respectively.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
miskaste
Highly Voted 1 year, 1 month agoNubee
Most Recent 7 months, 2 weeks agotonydbass
11 months agoMadonna1
11 months, 2 weeks agoTestyboy15
11 months, 3 weeks agohello_world67859Y63
1 year agodescentguy2021
1 year, 1 month agokruy
1 year, 1 month ago