In this tutorial, you will learn how to install an SSL certificate on a Nutanix cluster through the Prism web interface, both Prism Element (a single cluster) and Prism Central (multi-cluster management).
Generate a CSR code on a Nutanix cluster
If you’ve already generated a CSR code and received your SSL files, skip the first part and go straight to the installation instructions.
A CSR (Certificate Signing Request) is a block of encoded text containing your domain and organization details. You submit it to your Certificate Authority (CA) for validation during the SSL order process. You have two options:
- Use our CSR Generator to create the CSR automatically.
- Follow our step-by-step tutorial on how to generate a CSR on a Nutanix cluster.
Open your newly generated CSR file with any text editor and copy its entire contents (including the BEGIN header and END footer) into the corresponding field on your SSL vendor’s ordering page. Keep the matching private key safe: you’ll upload it to Prism during installation.
Important: Nutanix supports an RSA 2048 key (signed with SHA-256), or an ECDSA 256 or ECDSA 384 key. Generate your CSR and key with one of these types so the certificate will import cleanly.
Install an SSL certificate on a Nutanix cluster
Once your CA issues the certificate, you install it directly through the Nutanix web interface. The steps are the same for Prism Element (individual cluster) and Prism Central (multi-cluster management); only the path to the SSL Certificate page differs. Both replace the certificate through the UI.
Step 1: Prepare your files
Prism imports three separate files, all in PEM (Base64) format:
- Private Key: the unencrypted PEM key you used to generate the CSR (for example, yourdomain.key). If your key is passphrase-protected, remove the passphrase before importing.
- Public Certificate: the server certificate issued by your CA, in x509 Base64 PEM format (for example, yourdomain.crt or yourdomain.pem).
- CA Certificate/Chain: a single PEM file containing the issuing intermediate certificate(s) and the root CA certificate. Prism has only one field for the chain, so concatenate all intermediates and the root into one file, with the root CA last.
Tip: make sure the key type matches your certificate. A 2048-bit RSA certificate needs the RSA 2048 key; an ECDSA certificate needs the matching ECDSA key. Mismatched key types are the most common cause of a failed import.
Step 2: Open the SSL Certificate page
In Prism Element:
- Log in to your Prism Element console as an admin.
- Click the gear icon (Settings) in the top-right corner.
- Under Security, select SSL Certificate.
- Click Replace Certificate, then choose Import Key and Certificate and click Next.
In Prism Central:
- Log in to Prism Central as an admin.
- Open the Application Switcher (hamburger menu, top-left) and go to Admin Center.
- Navigate to Settings > SSL Certificate.
- Click Replace Certificate, then choose Import Key and Certificate.
On the import screen, set Private Key Type to match your key: RSA 2048, ECDSA 256, or ECDSA 384.
Step 3: Upload the certificate files
Upload each file into its matching field:
- Private Key: your unencrypted PEM key file.
- Public Certificate: the server certificate issued by your CA.
- CA Certificate/Chain: the single PEM bundle of intermediate(s) plus root CA.
Click Import Files to apply.
Step 4: Finish and verify
Prism restarts its web interface services automatically. After a brief interruption, refresh the page. The dashboard reloads using your new SSL certificate, and the browser certificate warning disappears.
You can now access your Nutanix interface securely over HTTPS with your custom domain.
Test your SSL installation
After installing the certificate, scan it for configuration errors or vulnerabilities to be on the safe side. With our SSL checker, you get instant reports on every facet of your SSL certificate and its setup. Note that if your Prism interface is only reachable on an internal network, you may need to run the check from inside that network or inspect the certificate directly in your browser.
Frequently Asked Questions
Open the gear icon (Settings) and go to SSL Certificate. In Prism Central, it’s under Admin Center > Settings > SSL Certificate. Click Replace Certificate, choose Import Key and Certificate, pick the matching Private Key Type, upload your private key, public certificate, and CA chain, then click Import Files. Prism restarts its web services and reloads with the new certificate.
Nutanix accepts an RSA 2048 key signed with SHA-256, or an ECDSA 256 (P-256) or ECDSA 384 (P-384) key. Choose the Private Key Type on the import screen to match the key you generated with your CSR. RSA 2048 is the most common choice.
Three PEM files: the Private Key (unencrypted), the Public Certificate (your CA-issued server certificate), and the CA Certificate/Chain. Because Prism provides a single field for the chain, combine all intermediate certificates and the root CA into one PEM file, with the root CA last.
Yes. Prism expects the private key in unencrypted PEM format. If your key is protected by a passphrase, remove it before importing; otherwise the import fails.
Prism restarts its web interface services after the import, so the console is briefly unavailable for a few moments. Running virtual machines and cluster workloads are not affected; only the management UI reloads. Refresh the page after the restart to confirm the new certificate is active.
Yes, the import is identical. The only difference is navigation: in Prism Element you reach the page from the gear icon under Security > SSL Certificate, while in Prism Central you go through Admin Center > Settings > SSL Certificate.
Where to buy the best SSL certificate for a Nutanix cluster?
If you’re looking for a great shopping experience, SSL Dragon is the right SSL vendor for you. Our intuitive, user-friendly website guides you smoothly through the entire range of SSL certificates. All our products are issued by reputable Certificate Authorities and are compatible with Nutanix.
Enjoy the lowest prices on the market and dedicated customer support for any certificate you choose. And if you’re struggling to find the perfect cert, use our SSL Wizard to get tailored suggestions.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


