Replace Nutanix Prism certification with internal CA

Out of the box Nutanix AOS comes *.nutanix.local Self Signed Certificate, for general security reasons and especially if you are using API or integrating with a 3rd party solution. It’s recommended to replace this certificate and create an SSL certificate signed by a certificate authority.

The beautiful thing with Nutanix is one step to replace all CVM certificates

Before we start what is needed; a private key, public key, and signing CA certificate chain (that includes the root CA and any intermediate CA).

Here are three options that can be used to create CSR, private key and public key

  1. Generate a CSR request file using openSSL on one of CVMs or on a windows machine
  2. Generate a CSR request file using windows certificate snap-in or web-based, if you have an internal CA with Active Directory Enrollment Policy created
  3. Using a Wildcard SSL certificates signed by one of public signing authorities (Godady or Digisign …)

The next step is to create a signing CA certificate chain file by adding all intermediate CAs and the root CA in one file and should look like below

Now we have everything ready next step is to Import Certificate in Nutanix Prism or Prism Central by opening  SSL Certificate in the Settings

For more info

Installing an SSL Certificate in Prism Central

SSL Certificate Upload Troubleshooting – Replacing self-signed certificates with CA-generated certificates in Prism

Converting wildcard pfx to private key and public certificate

Leave a Reply

Your email address will not be published. Required fields are marked *