Out of the box, Nutanix AOS comes with a *.nutanix.local self-signed certificate. For general security reasons, and especially if you are using the API or integrating with a third-party solution, it’s recommended to replace this certificate with an SSL certificate signed by a certificate authority.
The beautiful thing with Nutanix is that it takes one step to replace all CVM certificates.
Before we start, here is what is needed: a private key, a public key, and the signing CA certificate chain (which includes the root CA and any intermediate CAs).
Here are three options that can be used to create the CSR, private key and public key:
- Generate a CSR request file using OpenSSL on one of the CVMs or on a Windows machine
- Generate a CSR request file using the Windows certificate snap-in or web-based, if you have an internal CA with an Active Directory Enrollment Policy created
- Use a wildcard SSL certificate signed by one of the public signing authorities (GoDaddy or Digisign …)
The next step is to create a signing CA certificate chain file by adding all intermediate CAs and the root CA to one file; it should look like below
Now that we have everything ready, the next step is to import the certificate in Nutanix Prism or Prism Central by opening SSL Certificate in the Settings.
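Before importing, the three files can be checked against each other with OpenSSL. The script below is an added example, not part of the original post: the function names, file names and the throwaway root/intermediate/leaf PKI are constructed for the demo, and the chain order (issuing intermediate first, root last) is an assumption.

```sh
# Added example: consistency checks on key, certificate and chain before import.
# File names and the throwaway demo PKI below are constructed for illustration.

# Concatenate CA certs into one chain file. Assumed order: the intermediate
# that signed the server certificate first, the root CA last.
build_chain() {  # build_chain OUT INTERMEDIATE... ROOT
  out=$1; shift
  cat "$@" > "$out"
}

# True only if the private key and the certificate hold the same public key.
key_matches_cert() {  # key_matches_cert KEY CERT
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True only if CERT verifies using only the CA certs in CHAIN.
chain_verifies_cert() {  # chain_verifies_cert CHAIN CERT
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if the first cert in CHAIN is the issuer of CERT (order check).
chain_starts_with_issuer() {  # chain_starts_with_issuer CHAIN CERT
  s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
  i=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253) || return 1
  [ "${s#*=}" = "${i#*=}" ]
}

# Constructed demo PKI (root -> intermediate -> leaf) so this runs offline.
make_demo_pki() {  # make_demo_pki DIR
  d=$1; printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -subj "/CN=demo-$n" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 1 -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/int.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
  build_chain "$demo/chain.pem" "$demo/int.crt" "$demo/root.crt" &&
  key_matches_cert "$demo/leaf.key" "$demo/leaf.crt" &&
  chain_verifies_cert "$demo/chain.pem" "$demo/leaf.crt" &&
  chain_starts_with_issuer "$demo/chain.pem" "$demo/leaf.crt" && echo "consistent"
```

With real files, call the three check functions on your own key, signed certificate and chain file; any non-zero return means the trio is inconsistent.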
For more info
Installing an SSL Certificate in Prism Central
Converting wildcard pfx to private key and public certificate
Solutions Architect – Cloud & Infrastructure