In this blog we will go over replacing the idps reporting Corfu certificate in NSX Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the cluster manager Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_IDPS_REPORTING&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "0cc2f4f0-f409-4849-bf01-cfe454349a12",
"service_type": "CBM_IDPS_REPORTING" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the cluster manager Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the cluster manager Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_CLUSTER_MANAGER&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "0d77eb4c-b305-41a1-b0c4-da7260191d6d",
"service_type": "CBM_CLUSTER_MANAGER" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the Monitoring Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_MONITORING&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "de5aed8d-cc84-4d0b-b487-8b6be2a022ba",
"service_type": "CBM_MONITORING" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the CSM Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_CSM&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "65f3c890-485c-4c54-b80a-51cef8db7124",
"service_type": "CBM_CSM" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the GM Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_MP&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "570dace5-8c8a-4f0f-a08f-69dc2054285b",
"service_type": "CBM_GM" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the MP Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_MP&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "e060f100-5e5a-42c8-b735-0cb58f944b43",
"service_type": "CBM_MP" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the CCP Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_CCP&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "5a6f1a51-95ec-45f3-8b7a-92ac2abd75cb",

"service_type": "CBM_CCP" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the AR Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_AR&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "625fb6e6-00ff-4c59-9275-0e7583bcb0c7",

"service_type": "CBM_AR" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

I was recently trying to replace some service certificates and I accidentally associated the certificate with the wrong service. When trying to delete the certificate I was presented with an error “Certificate delete failed: Certificate cannot be deleted because it is used by 1 MP node”

The first step I did was try to figure out what service is associated with the certificate. For that I leveraged the instructions in KB 75277. Performing a GET /api/v1/trust-management/certificates/{cert-id} I was able to identify that CBM_API service was using the certificate.

To remove it I had to run curl -k -X POST -H "Content-Type: application/json" -H 'X-NSX-Username:admin' -H 'X-NSX-Groups:superuser' -d '{"service_type":"CBM_API","node_id":"{node_id}"}' "http://localhost:7440/nsxapi/api/v1/trust-management/certificates/{certificate_id}?action=release"

The command allowed me to unregister the component and allowed me to delete the old certificate.