After changing the NSX-V Manager certificates Networking & Security web plugin is not displaying anymore

Article ID: 320943

Products

VMware NSX Data Center for vSphere

Issue/Introduction

  • After the NSX Manager certificate is changed, the Networking & Security web plugin is missing from the vCenter user interface
  • vCenter logs show the following:

virgo.log

2018-01-31T09:01:52.627+01:00] [WARN ] pool-9-thread-4 70000250 100009 200005 com.vmware.vshield.plugin.common.util.CommonUtil Error occured while authentication: org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [HOSTNAME]/remote/api/UserMgmtFacade]; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

  • The openssl command is used to check each certificate in the chain:

openssl x509 -in {CERT} -text -noout

  • One or more certificates have "Signature Algorithm: rsassaPss"
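
One way to run that check across a whole chain at once, as an added example that is not part of the original article: the script splits a PEM bundle into individual certificates, runs the same openssl x509 -text -noout on each, and flags any certificate signed with rsassaPss. The function names and the bundle file name chain.pem are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the article): list the signature algorithm of every
# certificate in a PEM bundle and flag rsassaPss. Names here are assumptions.

# Read `openssl x509 -text -noout` output on stdin and print the first
# "Signature Algorithm" value (the one inside the signed certificate body).
sig_alg() {
    awk -F': *' '/Signature Algorithm:/ { sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Classify an algorithm name. rsassaPss is the value the article ties to the
# "does not conform to algorithm constraints" handshake error.
classify() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        rsassapss|rsassa-pss) echo "PSS" ;;
        "")                   echo "UNKNOWN" ;;
        *)                    echo "OK" ;;
    esac
}

# Walk a PEM bundle (leaf, intermediates, root) one certificate at a time.
# Returns non-zero if any certificate is PSS-signed or cannot be parsed.
check_chain() {
    local bundle="$1" tmp n=0 rc=0 f text alg subject verdict
    tmp="$(mktemp -d)" || return 2
    # Split the bundle: each BEGIN line starts a new numbered file.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || continue
        n=$((n + 1))
        text="$(openssl x509 -in "$f" -text -noout)" || { rc=2; continue; }
        alg="$(printf '%s\n' "$text" | sig_alg)"
        subject="$(openssl x509 -in "$f" -noout -subject)"
        verdict="$(classify "$alg")"
        printf '%-7s cert #%d  %s  [%s]\n' "$verdict" "$n" "$subject" "$alg"
        if [ "$verdict" = "PSS" ]; then rc=1; fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage: ./check_chain.sh chain.pem
if [ "$#" -gt 0 ] && [ -f "$1" ]; then check_chain "$1"; fi
```

A non-zero exit status means at least one certificate in the bundle is PSS-signed or could not be read.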

Environment

VMware NSX Data Center for vSphere 6.4.x

Cause

The certificates do not conform to algorithm constraints. The error is related to a signature algorithm used in the certificate chain. TLS versions through to 1.2 do not support PSS.

Resolution

There's currently no resolution to this issue.

Workaround:

Use certificates with a supported signature algorithm, e.g. "sha256WithRSAEncryption" or "sha512WithRSAEncryption".