Browse Category

Cloud Foundation

VMware Cloud Foundation

Downloading specific VCF bundles via CLI

I wanted to reuse my VCF downloaded bundles on another SDDC Manager system so that i wont have to download it from internet again. I found an easy guide here in the VMware documentation. My goal was to download the specific bundle once and upload it on other SDDC Managers.

The first command from SDDC manager was to list the bundles. The lcm bundle transfer utility can be found in /opt/vmware/vcf/lcm/lcm-tools/bin

./lcm-bundle-transfer-util -du ${depotUser} -l -p ${product_version}

I replaced the ${depotUser} with my vmware email address and ${product_version} with the version of the VCF product i wanted to install in my case 5.0.0.0. I was greeted with a list of bundle IDs and the specific component that it was for:

Enter Myvmware user password:
Validating the depot user credentials...

Bundle         Product  Bundle Size  Components
               Version  (in MB)
bundle-80035   5.0.0.0  599.5 MB     ESX_HOST-8.0.1-21813344
bundle-80031   5.0.0.0  10089.9 MB   NSX_T_MANAGER-4.1.0.2.0-21761691
bundle-80029   5.0.0.0  2044.7 MB    SDDC_MANAGER_VCF-5.0.0.0-21822418
bundle-80030   5.0.0.0  251.3 MB     SDDC_MANAGER_VCF-5.0.0.0-21822418
bundle-80033   5.0.0.0  9867.6 MB    VCENTER-8.0.1.00100-21815093

In my case i need the installer. To download a specific bundle we run

./lcm-bundle-transfer-util --download --outputDirectory ${absolute-path-output-dir} --depotUser ${depotUser} -b ${bundle_name}

in my case it was:

./lcm-bundle-transfer-util --download --outputDirectory /some/temporary/location --depotUser [email protected] -b bundle-80029

This allowed me to grab the download from /some/temporary/path and save it/upload it on my other SDDC Managers that were missing it.

Finally before the patch can be used in SDDC Manager we need to upload it to the repo. Please note that once we issue the upload command the download gets deleted, so make sure you save the download ahead of time

./lcm-bundle-transfer-util --upload --bundleDirectory /some/temporary/path -b bundle-80029

or via API

curl -k http://127.0.0.1/lcm/bundle/upload -X POST -d ‘{“bundle”:”/some/temporary/path/bundle-80029.tar”,”manifest”:”/some/temporary/path/bundle-80029.manifest”, “signature”:”/some/temporary/path/bundle-80029.manifest.sig”}’ -H ‘Content-Type:application/json’

Once the upload was complete i was able to see it in SDDC Manager as a package that i can apply.

A list of bundles can be found here

VCF depot build numbers

VCF VersionBundle NameSizeComponentTypeBundle ID
5.1.0.0bundle-99536640.0MBESX_HOST-8.0.2-22380479PATCHefca585c-4fd8-4ec4-9b08-c50701aa2f7d
bundle-9954110500.4MBNSX_T_MANAGER-4.1.2.1.0-22667789PATCH39759b15-d985-4c15-85d6-7d44fd24df45
bundle-995392089.2MBSDDC_MANAGER_VCF-5.1.0.0-22688368PATCHb9308692-c98a-4afc-b49f-601f16105d92
bundle-995400.0MBSDDC_MANAGER_VCF-5.1.0.0-22688368PATCH(Drift)f3a11b49-4209-4c2b-8b26-aea98b1f8450
bundle-9953716801.6MBVCENTER-8.0.2.00100-22617221PATCH0a1ba239-eab9-41c6-b0e6-9738a463bdbe
bundle-9954214606.2MBNSX_T_MANAGER-4.1.2.1.0-22667789INSTALLc5a39cf5-eca2-4206-8375-082f827612b8
bundle-9953810493.0MBVCENTER-8.0.2.00100-22617221INSTALL96cf61e1-85b3-461f-8dfe-5abbeed33ab7
5.0.0.1bundle-943752044.9MBSDDC_MANAGER_VCF-5.0.0.1-22485660PATCH8fe51a93-ff6b-45e1-b9b9-49ad60612703
bundle-94376251.5MBSDDC_MANAGER_VCF-5.0.0.1-22485660PATCH(Drift)0602cf8f-9a37-4b38-90ba-f26a19a80cf6
5.0.0.0bundle-80035599.5MBESX_HOST-8.0.1-21813344PATCHef970211-02bf-429a-8edd-91f3bc7c1b42
bundle-8003110089.9MBNSX_T_MANAGER-4.1.0.2.0-21761691PATCH3ae76665-4c93-422e-9af8-aafe79a1ee7f
bundle-800292044.7MBSDDC_MANAGER_VCF-5.0.0.0-21822418PATCHb562189e-0c93-489e-a0b9-e12b01efffb8
bundle-80030251.3MBSDDC_MANAGER_VCF-5.0.0.0-21822418PATCH(Drift)393fb05f-23ff-47d1-8b84-db39647677ce
bundle-800339867.6MBVCENTER-8.0.1.00100-21815093PATCHb862f68d-22a8-457d-a85d-56d72370076e
bundle-8003213874.6MBNSX_T_MANAGER-4.1.0.2.0-21761691INSTALL7df70351-902f-49e4-a366-553f340d2f3a
bundle-800349867.6MBVCENTER-8.0.1.00100-21815093INSTALLb1f5bf8e-c133-44a3-9393-efa772c9c0ce
4.5.2.0bundle-83610382.1MBESX_HOST-7.0.3-21930508PATCHb9462fde-a7d0-4965-b217-cd09bd21bcc5
bundle-873188615.4MBNSX_T_MANAGER-3.2.3.1.0-22104592PATCH259b722b-f8b5-4b4c-9e71-4ebe135cd38e
bundle-884452012.6MBSDDC_MANAGER_VCF-4.5.2.0-22223457PATCH363bd141-7d19-4287-9c7a-091c11042ca0
bundle-88446250.5MBSDDC_MANAGER_VCF-4.5.2.0-22223457PATCH(Drift)85192dee-1d47-4211-bbdb-999d604f601f
bundle-811466420.0MBVCENTER-7.0.3.01500-21784236PATCH4ac2b679-5e5b-43a6-b74b-5fd4e3c978c0
bundle-8731910618.2MBNSX_T_MANAGER-3.2.3.1.0-22104592INSTALLfcde592c-7a6c-4c92-a6b3-669833dc6910
bundle-811478575.4MBVCENTER-7.0.3.01500-21784236INSTALL659351d3-9d66-45d6-84b0-14451f54cd6f
4.5.1.0bundle-73789381.8MBESX_HOST-7.0.3-21424296PATCH2b458531-b783-458e-bc43-3da1ddcd096f
bundle-737858402.7MBNSX_T_MANAGER-3.2.2.1.0-21487560PATCHe5f9e44f-9123-425e-bee9-07806379d671
bundle-772612150.0MBSDDC_MANAGER_VCF-4.5.1.0-21682411PATCH65b6d750-5ef3-4456-b4c2-65ef96048fb6
bundle-77262250.2MBSDDC_MANAGER_VCF-4.5.1.0-21682411PATCH(Drift)8a132cc7-f9b7-4f69-b654-7ea8f7059905
bundle-737876419.8MBVCENTER-7.0.3.01400-21477706PATCH3b8ae94b-582b-4356-b152-2b01e947a072
bundle-7378610461.8MBNSX_T_MANAGER-3.2.2.1.0-21487560INSTALLf90627d1-a038-4771-9a8a-dfbe1ffa760b
bundle-737888575.1MBVCENTER-7.0.3.01400-21477706INSTALL37ec3570-d827-4f32-8eac-92e2b6e21964
4.5.0.0bundle-61598382.9MBESX_HOST-7.0.3-20328353PATCHc6a50311-47be-4b53-891d-9f5ecb75d087
bundle-627688064.0MBNSX_T_MANAGER-3.2.1.2.0-20541212PATCH4f2f5d65-53ca-4b58-a85c-49d5b337cc64
bundle-635992106.0MBSDDC_MANAGER_VCF-4.5.0.0-20612863PATCHb984c5e4-167a-4886-8f23-be34c9176ca9
bundle-63600247.6MBSDDC_MANAGER_VCF-4.5.0.0-20612863PATCH(Drift)4581e5e3-b82f-46b9-99cc-e35584f14de0
bundle-615946381.1MBVCENTER-7.0.3.01000-20395099PATCH34b75350-c552-4c93-b306-75658a3332a4
bundle-6276910053.7MBNSX_T_MANAGER-3.2.1.2.0-20541212INSTALL4fe5a96f-d5c3-4730-9970-6d94bc5a63af
bundle-615968344.2MBVCENTER-7.0.3.01000-20395099INSTALL8da5d209-c8ac-493f-9e6a-f00a5bd5f155
4.4.1.1bundle-5834710246.1MBSDDC_MANAGER_VCF-4.4.1.1-19948546PATCH193486eb-53f5-40c7-8012-b5dcab515ebf
bundle-58348233.8MBSDDC_MANAGER_VCF-4.4.1.1-19948546PATCH(Drift)3c32c5d6-b5e0-49c6-9a86-90bcd3de671e
4.4.1.0bundle-56937395.5MBESX_HOST-7.0.3-19482537PATCH043e2b99-b36f-45b9-a4a2-1632a24764ef
bundle-573477127.2MBNSX_T_MANAGER-3.1.3.7.4-19762317PATCH193486eb-53f5-40c7-8012-b5dcab515ebf
bundle-5734410246.2MBSDDC_MANAGER_VCF-4.4.1.0-19766960PATCH13d87a53-298d-4ee5-98ca-b9e10eece7a5
bundle-57346233.8MBSDDC_MANAGER_VCF-4.4.1.0-19766960PATCH(Drift)8c178f33-b28d-47d0-88da-aa94f309a042
bundle-557437139.0MBVCENTER-7.0.3.00500-19480866PATCH05be2afd-990d-45bd-9472-fab032e8c696
bundle-573488535.7MBNSX_T_MANAGER-3.1.3.7.4-19762317INSTALL3c32c5d6-b5e0-49c6-9a86-90bcd3de671e
bundle-557459202.7MBVCENTER-7.0.3.00500-19480866INSTALL4073e1c9-4eeb-4d46-97b5-374daa24be41
4.4.0.0bundle-52995395.3MBESX_HOST-7.0.3-19193900PATCHd214e445-8509-4d50-adac-59d56acd86ae
bundle-529807154.5MBNSX_T_MANAGER-3.1.3.5.0-19068434PATCH348187d2-9930-41d6-9ee1-345857e53a3f
bundle-5343110188.6MBSDDC_MANAGER_VCF-4.4.0.0-19312029PATCH4f22c22f-441d-4ed9-bb70-697d10bcf028
bundle-53432230.3MBSDDC_MANAGER_VCF-4.4.0.0-19312029PATCH(Drift)54485cb4-8db2-4e86-8962-5c4fc54d5727
bundle-56535230.4MBSDDC_MANAGER_VCF-4.4.0.0-19617653PATCH(Drift)b27c6275-742c-4d51-a907-eba0e158ede3
bundle-529867223.8MBVCENTER-7.0.3.00300-19234570PATCH3bbd1018-1e3f-478d-b201-4287aeb136d8
bundle-529828610.0MBNSX_T_MANAGER-3.1.3.5.0-19068434INSTALL7ae68403-5863-4fcf-8886-f27460c59e85
bundle-529909244.9MBVCENTER-7.0.3.00300-19234570INSTALL7b7816d6-64f9-42a1-be35-3c5d185f08a3
4.3.1.1bundle-5270410695.5MBSDDC_MANAGER_VCF-4.3.1.1-19235535PATCH4ea809be-5359-4ac8-b32f-2337c0820d8b
bundle-52705230.5MBSDDC_MANAGER_VCF-4.3.1.1-19235535PATCH(Drift)fd85a861-a972-4da8-b708-8b35aa897e25
4.3.1.0bundle-47505389.4MBESX_HOST-7.0.2-18426014PATCH50f69840-b920-4d1b-81fa-bb934fa13c24
bundle-475017105.9MBNSX_T_MANAGER-3.1.3.1.0-18504668PATCH2f39eed1-94e3-4295-937d-2ea785a2485a
bundle-4839010336.5MBSDDC_MANAGER_VCF-4.3.1.0-18624509PATCH4162045d-0b25-4ca3-8e38-0371908ed9e6
bundle-48392230.5MBSDDC_MANAGER_VCF-4.3.1.0-18624509PATCH(Drift)8f26c34a-7488-4960-aaf7-276ba313846b
bundle-475035394.0MBVCENTER-7.0.2.00500-18455184PATCH47d01e0c-ae43-4f74-a57a-b8b3ecbe878b
bundle-475028501.4MBNSX_T_MANAGER-3.1.3.1.0-18504668INSTALL9e3175b7-57bc-49cf-8e22-c3885061b48a
bundle-475047383.3MBVCENTER-7.0.2.00500-18455184INSTALLc49b858d-ed29-48bb-9d13-403d96a3ece3
4.3.0.0bundle-43745390.1MBESX_HOST-7.0.2-17867351PATCH1625a9f9-a96b-4dda-98c6-58938fb29667
bundle-464667123.1MBNSX_T_MANAGER-3.1.3.0.0-18328989PATCH104298b4-bee8-4eae-9791-fc8ff5516f31
bundle-4700610331.2MBSDDC_MANAGER_VCF-4.3.0.0-18433963PATCH3f44edc1-6862-4d85-b646-a6bc24698c32
bundle-47008230.3MBSDDC_MANAGER_VCF-4.3.0.0-18433963PATCH(Drift)5c1a58d6-2e2d-45bf-960a-5d05b7fee2e3
bundle-464685394.4MBVCENTER-7.0.2.00400-18356314PATCH8d83266a-3b96-467c-8071-74617e10da05
bundle-464678568.5MBNSX_T_MANAGER-3.1.3.0.0-18328989INSTALLf14e528f-df76-447d-a235-93b069291f5c
bundle-464697383.7MBVCENTER-7.0.2.00400-18356314INSTALL3f560300-18e9-4d9b-bcf5-0b4688c7612b
4.2.1.0bundle-425156995.1MBNSX_T_MANAGER-3.1.2.0.0-17883596PATCHc6550bcc-9519-423f-b383-625774fed5a6
bundle-4290510142.7MBSDDC_MANAGER_VCF-4.2.1.0-18016307PATCHdf3c4a11-cca4-4cad-b776-35f2035633dd
bundle-42906209.3MBSDDC_MANAGER_VCF-4.2.1.0-18016307PATCH(Drift)a534958a-5af3-4728-bcfc-4196e813f6fe
bundle-425215114.4MBVCENTER-7.0.1.00301-17956102PATCH731433e4-122e-40a9-aaba-3ebc1be133d3
bundle-425198394.9MBNSX_T_MANAGER-3.1.2.0.0-17883596INSTALL5881bb39-180f-4563-b434-824d9aa10413
bundle-425227722.8MBVCENTER-7.0.1.00301-17956102INSTALL300a8dcd-c774-4c22-9ea0-b0f08d38e004
4.2.0.0bundle-37983369.0MBESX_HOST-7.0.1-17551050PATCHe7ee206d-069f-4982-8271-38e7970dcf9a
bundle-328107057.7MBNSX_T_MANAGER-3.1.0.0.0-17107167PATCHff249395-d58a-4d3d-8111-9237fe6a6a45
bundle-3797910070.0MBSDDC_MANAGER_VCF-4.2.0.0-17559673PATCH906c8d8f-c28d-4122-8720-43be7af2cbfd
bundle-37982209.3MBSDDC_MANAGER_VCF-4.2.0.0-17559673PATCH(Drift)e53edad7-26df-4282-8874-d1724e63ac5b
bundle-353215140.8MBVCENTER-7.0.1.00200-17327517PATCHa9938c7e-d30c-4ce9-adab-831f835e6c12
bundle-328118427.7MBNSX_T_MANAGER-3.1.0.0.0-17107167INSTALL1cce3a86-7292-4c91-b0db-20274f2c741d
bundle-353227749.3MBVCENTER-7.0.1.00200-17327517INSTALL9d272a97-9a55-492e-b661-0a8f3f2dfd4a

Source https://kb.vmware.com/s/article/96099

How to use: Downloading specific VCF bundles via CLI

Replacing the idps reporting Corfu certificate in NSX

In this blog we will go over replacing the idps reporting Corfu certificate in NSX Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the cluster manager Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_IDPS_REPORTING&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "0cc2f4f0-f409-4849-bf01-cfe454349a12",
"service_type": "CBM_IDPS_REPORTING" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the cluster manager Corfu certificate in NSX

In this blog we will go over replacing the cluster manager Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the cluster manager Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_CLUSTER_MANAGER&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "0d77eb4c-b305-41a1-b0c4-da7260191d6d",
"service_type": "CBM_CLUSTER_MANAGER" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the Monitoring Corfu certificate in NSX

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the Monitoring Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_MONITORING&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "de5aed8d-cc84-4d0b-b487-8b6be2a022ba",
"service_type": "CBM_MONITORING" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the CSM Corfu certificate in NSX

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the CSM Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_CSM&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "65f3c890-485c-4c54-b80a-51cef8db7124",
"service_type": "CBM_CSM" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the GM Corfu certificate in NSX

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the GM Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_MP&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "570dace5-8c8a-4f0f-a08f-69dc2054285b",
"service_type": "CBM_GM" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the MP Corfu certificate in NSX

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the MP Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_MP&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "e060f100-5e5a-42c8-b735-0cb58f944b43",
"service_type": "CBM_MP" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the CCP Corfu certificate in NSX

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the CCP Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_CCP&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "5a6f1a51-95ec-45f3-8b7a-92ac2abd75cb",

"service_type": "CBM_CCP" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu

Replacing the AR Corfu certificate in NSX

In this blog we will go over replacing the Corfu certificate in NSX. In this example I will be using the UI to generate the self signed certificate and then an API call to replace the certificate.

In my case the AR Corfu certificate has already expired

In the top menu bar I went to Generate -> Generate Self Signed Certificate

Next I had to grab the new certificate ID

The next step is to replace the old certificate with the new certificate via an API call. For this I used Postman but any other tool could potentially be used.

The URL for the post call would go against https://nsx-vip-01a.corp.local/api/v1/trust-management/certificates/cert_id?action=apply_certificate&service_type=CBM_AR&node_id=node_id

The node ID can be found under Appliances -> View details on node, the value to the right for UUID ex

For authentication I used basic, per best practices we should be using a token.

For headers had to add Content-Type application\json ex

In the body I picket raw and added the following in

{ "cert_id": "625fb6e6-00ff-4c59-9275-0e7583bcb0c7",

"service_type": "CBM_AR" }

The cert ID is from the certificate I generated earlier. ex

Once I clicked send I was presented back with a 200 OK

Going in the web browser I can also see that the new certificate is now used and the old one doesn’t have anything assigned to it ex

The final step I did was removing the old certificate by clicking on the 3 dots to left and picking delete from the menu