The NSX Manager generates self-signed certificates for each of the hosts and controllers, which are used to secure control plane communications. This control plane communication is secured with TLS encryption by using the certificates that are managed by the NSX Manager. Install a CA-signed certificate for the NSX Manager to secure both the management interface and API endpoint on port 443. The Pivotal RabbitMQ broker certificates on the NSX Manager used for communication with the ESXi hosts are uniquely generated on first boot.