Once you have completed the install of your three NSX-T manager nodes it is a good idea to replace the certificates with certificate authority (CA) signed certificates with your domain. This will provide better security knowing the web page you are connecting to is trusted. Also, you can avoid that annoying “Your connection is not private” page. We will walk through how to replace all the system generated certificates used with the NSX-T manager platform.
To ensure our servers are only accepting connections using secure cryptographic protocols we often need to restrict which protocols are enabled on a server. NSX-T manager appliances include TLSv1.1 and TLSv1.2 enabled by default. This article will walk you through confirming what TLS protocols are enabled as well as how to disable TLS protocol versions to harden your deployment.