{"id":202,"date":"2022-07-27T16:56:52","date_gmt":"2022-07-27T14:56:52","guid":{"rendered":"https:\/\/zerobotics.de\/blog\/?p=202"},"modified":"2023-07-17T16:32:09","modified_gmt":"2023-07-17T14:32:09","slug":"vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca","status":"publish","type":"post","link":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/","title":{"rendered":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time<\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">Minutes<\/span><\/span>\n<p class=\"wp-block-paragraph\">Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an \u201eofficial\u201c certificate and replace the \u201eSelf Signed Certificate\u201c.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the Lab environment, a Windows Certificate Authority (CA) and the CA Web Enrollment already exist on a Windows 2019 VM. I will not go into detail about the installation of the CA; here I followed an article on the <a href=\"https:\/\/virtuallythere.blog\/2018\/04\/24\/making-things-a-bit-more-secure-part-1\/\" target=\"_blank\" rel=\"noopener\">VirtuallyThere Blog<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, I have created a Certificate Template according to VMware specifications. In the future, I would like to use this for all VMware product deployments in the lab. I have written another blog article about this (<a href=\"https:\/\/zerobotics.de\/blog\/en\/2022\/07\/27\/creating-a-microsoft-ca-template-for-vsphere-6-x-7-x\/\" target=\"_blank\" rel=\"noopener\">Creating a Microsoft CA Template for vSphere 6.x\/7.x<\/a>), or if you want to read it directly from VMware, here is the KB article: <a href=\"https:\/\/kb.vmware.com\/s\/article\/2112009\" target=\"_blank\" rel=\"noopener\">Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.x\/7.x<\/a><\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">Certificate Signing Request<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">First, a certificate signing request must be created on the AVI controller. To do this, go to <strong><code>Templates >> Security >> SSL\/TLS Certificates<\/code><\/strong>, select <strong><code>Create >> Controller Certificate<\/code><\/strong> and create a new certificate of the type \u201e<strong><code>CSR<\/code><\/strong>\u201e.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><img loading=\"lazy\" decoding=\"async\" width=\"287\" height=\"152\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-1.png\" alt=\"Create a new Controller Certificate\" class=\"wp-image-97\"\/><figcaption>Create a new Controller Certificate<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"582\" height=\"324\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image.png\" alt=\"\" class=\"wp-image-96\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image.png 582w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-300x167.png 300w\" sizes=\"auto, (max-width: 582px) 100vw, 582px\" \/><figcaption>New Certificate Type CSR<\/figcaption><\/figure>\n\n\n\n<div style=\"height:60px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">When creating the request, make sure that all access addresses are included in the Subject Alternate Names (SANs). In my first attempt, I forgot the cluster IP and had to confirm the browser\u2019s security query for this one address; the rest were excluded meaning they worked fine. Unfortunately, you then have to go through the CSR process again.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"760\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-2-1024x760.png\" alt=\"\" class=\"wp-image-98\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-2-1024x760.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-2-300x223.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-2-768x570.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-2.png 1148w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Adding Subject Alternate Names (SAN)<\/figcaption><\/figure>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Quick hint:<br>How do I come up with 4 entries for the SANs?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>one Node IP<\/li><li>a corresponding DNS entry<\/li><li>one Cluster IP (for future use, should I ever want to use more than one node)<\/li><li>a corresponding DNS entry for the Cluster IP<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-6-1024x515.png\" alt=\"\" class=\"wp-image-103\" width=\"834\" height=\"419\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-6-1024x515.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-6-300x151.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-6-768x386.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-6.png 1131w\" sizes=\"auto, (max-width: 834px) 100vw, 834px\" \/><figcaption>Cluster IP Adressen<\/figcaption><\/figure>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">After creating the CSR, it looks like this in AVI:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"65\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-3-1024x65.png\" alt=\"\" class=\"wp-image-100\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-3-1024x65.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-3-300x19.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-3-768x49.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-3-1536x97.png 1536w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-3.png 1678w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Awaiting Certificate<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Right click on the pencil and copy the CSR to the clipboard:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"616\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-10-1024x616.png\" alt=\"\" class=\"wp-image-107\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-10-1024x616.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-10-300x180.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-10-768x462.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-10.png 1147w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Copy CSR to Clipboard<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Creating the certificate<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Continue in the web interface of the Windows CA (accessible via <code><strong>https:\/\/<your-ca>\/certsrv<\/strong><\/code>)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here, navigate via <strong><code>Request a certificate >> advanced certificate request<\/code><\/strong> and paste the previously copied CSR.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><img loading=\"lazy\" decoding=\"async\" width=\"451\" height=\"442\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-9.png\" alt=\"\" class=\"wp-image-106\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-9.png 451w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-9-300x294.png 300w\" sizes=\"auto, (max-width: 451px) 100vw, 451px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"342\" height=\"295\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-4.png\" alt=\"\" class=\"wp-image-101\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-4.png 342w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-4-300x259.png 300w\" sizes=\"auto, (max-width: 342px) 100vw, 342px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"495\" height=\"474\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-8.png\" alt=\"\" class=\"wp-image-105\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-8.png 495w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-8-300x287.png 300w\" sizes=\"auto, (max-width: 495px) 100vw, 495px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, I use my self-created Certificate Template \u201eVMware\u201c here.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The certificate can then be downloaded in Base 64 format:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"389\" height=\"150\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-5.png\" alt=\"\" class=\"wp-image-102\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-5.png 389w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-5-300x116.png 300w\" sizes=\"auto, (max-width: 389px) 100vw, 389px\" \/><figcaption>Download certificate in Base 64<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"128\" height=\"55\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-7.png\" alt=\"\" class=\"wp-image-104\"\/><figcaption>The new certificate in Windows Explorer<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Using the Certificate in NSX ALB \/ AVI<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Back in the AVI web interface, import the certificates file:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"815\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-11-1024x815.png\" alt=\"\" class=\"wp-image-108\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-11-1024x815.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-11-300x239.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-11-768x611.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-11.png 1111w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Import the new Certificate File<\/figcaption><\/figure>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Et viola, the status of the certificate is Green and it is obviously not Self Signed:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"64\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-12-1024x64.png\" alt=\"\" class=\"wp-image-109\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-12-1024x64.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-12-300x19.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-12-768x48.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-12-1536x97.png 1536w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-12.png 1685w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>New certificate looks fine<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Change NSX ALB \/ AVI to the new certificate<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Now edit the System Access Settings (<strong><code>Administration >> Settings >> Access Settings<\/code><\/strong>) and we are done \ud83d\ude42<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"789\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-14-1024x789.png\" alt=\"\" class=\"wp-image-111\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-14-1024x789.png 1024w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-14-300x231.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-14-768x592.png 768w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-14.png 1069w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:21px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Remove both default certificates\u2026<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"831\" height=\"476\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-16.png\" alt=\"\" class=\"wp-image-113\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-16.png 831w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-16-300x172.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-16-768x440.png 768w\" sizes=\"auto, (max-width: 831px) 100vw, 831px\" \/><figcaption>System Default Certificates out<\/figcaption><\/figure>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u2026and add the new, own certificate granted by the Windows CA:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"824\" height=\"470\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-15.png\" alt=\"\" class=\"wp-image-112\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-15.png 824w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-15-300x171.png 300w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-15-768x438.png 768w\" sizes=\"auto, (max-width: 824px) 100vw, 824px\" \/><figcaption>New CA signed Certificate in<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">A check of the four addresses in the web browser (IP and DNS) is successful:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"646\" height=\"251\" src=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-13.png\" alt=\"\" class=\"wp-image-110\" srcset=\"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-13.png 646w, https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-13-300x117.png 300w\" sizes=\"auto, (max-width: 646px) 100vw, 646px\" \/><figcaption>Successful verification with Browser<\/figcaption><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">A small hint regarding Firefox:<br>Since we do not use any group policies in our lab that include Firefox, a setting is still necessary so that Firefox relies on the Windows CA (copy\/paste from the <a rel=\"noreferrer noopener\" href=\"https:\/\/support.mozilla.org\/en-US\/kb\/setting-certificate-authorities-firefox\" target=\"_blank\">Mozilla Webseite<\/a>):<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Enter \u201cabout:config\u201d in the address bar and continue to the list of preferences.<\/li><li>Set the preference <strong>\u201esecurity.enterprise_roots.enabled\u201c<\/strong> to <strong>true<\/strong>.<\/li><li>Restart Firefox.<\/li><\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time<\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">Minutes<\/span><\/span>Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an &bdquo;official&ldquo; certificate and replace the &bdquo;Self Signed Certificate&ldquo;. In the Lab environment, a Windows Certificate Authority [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":110,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-202","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nsx-en"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an &quot;official&quot; certificate and replace the &quot;Self Signed Certificate&quot;. In the Lab environment, a Windows Certificate Authority\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"alex\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"de_DE\" \/>\n\t\t<meta property=\"og:site_name\" content=\"ZEROBOTICS - The Friendly Neighborhood Zero\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS\" \/>\n\t\t<meta property=\"og:description\" content=\"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an &quot;official&quot; certificate and replace the &quot;Self Signed Certificate&quot;. In the Lab environment, a Windows Certificate Authority\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2022-07-27T14:56:52+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2023-07-17T14:32:09+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@zeroboioioy\" \/>\n\t\t<meta name=\"twitter:title\" content=\"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an &quot;official&quot; certificate and replace the &quot;Self Signed Certificate&quot;. In the Lab environment, a Windows Certificate Authority\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@zeroboioioy\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#blogposting\",\"name\":\"VMware NSX ALB \\\/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS\",\"headline\":\"VMware NSX ALB \\\/ AVI Certificate Signing Request (CSR) with Microsoft CA\",\"author\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/author\\\/alex\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/image-13.png\",\"width\":646,\"height\":251},\"datePublished\":\"2022-07-27T16:56:52+02:00\",\"dateModified\":\"2023-07-17T16:32:09+02:00\",\"inLanguage\":\"de-DE\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#webpage\"},\"articleSection\":\"NSX, English, pll_62e14f14d7569\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zerobotics.de\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/category\\\/nsx-en\\\/#listItem\",\"name\":\"NSX\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/category\\\/nsx-en\\\/#listItem\",\"position\":2,\"name\":\"NSX\",\"item\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/category\\\/nsx-en\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#listItem\",\"name\":\"VMware NSX ALB \\\/ AVI Certificate Signing Request (CSR) with Microsoft CA\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#listItem\",\"position\":3,\"name\":\"VMware NSX ALB \\\/ AVI Certificate Signing Request (CSR) with Microsoft CA\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/category\\\/nsx-en\\\/#listItem\",\"name\":\"NSX\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/#person\",\"name\":\"alex\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/author\\\/alex\\\/#author\",\"url\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/author\\\/alex\\\/\",\"name\":\"alex\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#webpage\",\"url\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/\",\"name\":\"VMware NSX ALB \\\/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS\",\"description\":\"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an \\\"official\\\" certificate and replace the \\\"Self Signed Certificate\\\". In the Lab environment, a Windows Certificate Authority\",\"inLanguage\":\"de-DE\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/author\\\/alex\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/author\\\/alex\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/image-13.png\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#mainImage\",\"width\":646,\"height\":251},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/en\\\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\\\/#mainImage\"},\"datePublished\":\"2022-07-27T16:56:52+02:00\",\"dateModified\":\"2023-07-17T16:32:09+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/\",\"name\":\"ZEROBOTICS\",\"description\":\"The Friendly Neighborhood Zero\",\"inLanguage\":\"de-DE\",\"publisher\":{\"@id\":\"https:\\\/\\\/zerobotics.de\\\/blog\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS","description":"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an \"official\" certificate and replace the \"Self Signed Certificate\". In the Lab environment, a Windows Certificate Authority","canonical_url":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#blogposting","name":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS","headline":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA","author":{"@id":"https:\/\/zerobotics.de\/blog\/author\/alex\/#author"},"publisher":{"@id":"https:\/\/zerobotics.de\/blog\/#person"},"image":{"@type":"ImageObject","url":"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-13.png","width":646,"height":251},"datePublished":"2022-07-27T16:56:52+02:00","dateModified":"2023-07-17T16:32:09+02:00","inLanguage":"de-DE","mainEntityOfPage":{"@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#webpage"},"isPartOf":{"@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#webpage"},"articleSection":"NSX, English, pll_62e14f14d7569"},{"@type":"BreadcrumbList","@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog#listItem","position":1,"name":"Home","item":"https:\/\/zerobotics.de\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog\/en\/category\/nsx-en\/#listItem","name":"NSX"}},{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog\/en\/category\/nsx-en\/#listItem","position":2,"name":"NSX","item":"https:\/\/zerobotics.de\/blog\/en\/category\/nsx-en\/","nextItem":{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#listItem","name":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA"},"previousItem":{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#listItem","position":3,"name":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA","previousItem":{"@type":"ListItem","@id":"https:\/\/zerobotics.de\/blog\/en\/category\/nsx-en\/#listItem","name":"NSX"}}]},{"@type":"Person","@id":"https:\/\/zerobotics.de\/blog\/#person","name":"alex"},{"@type":"Person","@id":"https:\/\/zerobotics.de\/blog\/author\/alex\/#author","url":"https:\/\/zerobotics.de\/blog\/author\/alex\/","name":"alex"},{"@type":"WebPage","@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#webpage","url":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/","name":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS","description":"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an \"official\" certificate and replace the \"Self Signed Certificate\". In the Lab environment, a Windows Certificate Authority","inLanguage":"de-DE","isPartOf":{"@id":"https:\/\/zerobotics.de\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#breadcrumblist"},"author":{"@id":"https:\/\/zerobotics.de\/blog\/author\/alex\/#author"},"creator":{"@id":"https:\/\/zerobotics.de\/blog\/author\/alex\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/zerobotics.de\/blog\/wp-content\/uploads\/2022\/07\/image-13.png","@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#mainImage","width":646,"height":251},"primaryImageOfPage":{"@id":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/#mainImage"},"datePublished":"2022-07-27T16:56:52+02:00","dateModified":"2023-07-17T16:32:09+02:00"},{"@type":"WebSite","@id":"https:\/\/zerobotics.de\/blog\/#website","url":"https:\/\/zerobotics.de\/blog\/","name":"ZEROBOTICS","description":"The Friendly Neighborhood Zero","inLanguage":"de-DE","publisher":{"@id":"https:\/\/zerobotics.de\/blog\/#person"}}]},"og:locale":"de_DE","og:site_name":"ZEROBOTICS - The Friendly Neighborhood Zero","og:type":"article","og:title":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS","og:description":"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an &quot;official&quot; certificate and replace the &quot;Self Signed Certificate&quot;. In the Lab environment, a Windows Certificate Authority","og:url":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/","article:published_time":"2022-07-27T14:56:52+00:00","article:modified_time":"2023-07-17T14:32:09+00:00","twitter:card":"summary_large_image","twitter:site":"@zeroboioioy","twitter:title":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA - ZEROBOTICS","twitter:description":"Since I was dealing with VMware NSX Advanced Load Balancer (or NSX ALB aka AVI Loadbalancer, take your pick!) in connection with vSphere with Tanzu in our ITQ Lab environment, I also wanted to make it trustworthy with an &quot;official&quot; certificate and replace the &quot;Self Signed Certificate&quot;. In the Lab environment, a Windows Certificate Authority","twitter:creator":"@zeroboioioy"},"aioseo_meta_data":{"post_id":"202","title":null,"description":null,"keywords":[],"keyphrases":{"focus":{"keyphrase":""},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"custom_image","og_image_url":"","og_image_width":"0","og_image_height":"0","og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":[],"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"custom_image","twitter_image_url":"","twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[],"defaultGraph":"Article","defaultPostTypeGraph":""},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]},\"webPage\":{\"webPageType\":\"WebPage\"},\"blockGraphs\":[]}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2022-08-01 14:00:39","updated":"2025-10-20 08:27:03","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/zerobotics.de\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/zerobotics.de\/blog\/en\/category\/nsx-en\/\" title=\"NSX\">NSX<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tVMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/zerobotics.de\/blog"},{"label":"NSX","link":"https:\/\/zerobotics.de\/blog\/en\/category\/nsx-en\/"},{"label":"VMware NSX ALB \/ AVI Certificate Signing Request (CSR) with Microsoft CA","link":"https:\/\/zerobotics.de\/blog\/en\/vmware-nsx-alb-avi-certificate-signing-request-csr-in-combination-with-microsoft-ca\/"}],"_links":{"self":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts\/202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":9,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":316,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/posts\/202\/revisions\/316"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/media\/110"}],"wp:attachment":[{"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerobotics.de\/blog\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}