NSX-T generates alerts 'Couldn't get LDAP context from URI'

Article ID: 322450

Products

VMware NSX

Issue/Introduction

  • Certificates with no CRL (Certificate Revocation List) have been configured.
  • The following log entries are generated in the NSX-T manager syslog:
    NSX 4552 SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Couldn't get LDAP context from URI ldap:///CN=Corp%20AB%20Issuing%20CA4,CN=test1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=dom,DC=example,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint

    NSX 4552 SYSTEM [nsx@6876 comp="nsx-manager" errorCode="MP2062" level="ERROR" subcomp="manager"] Unexpected NullPointerException while fetching CRL: null
  • The above log entries may also be seen on an external logging server.
  • Using the following API call to the NSX-T manager, we see CRL checking is disabled:
    GET https://<manager>/api/v1/global-configs/SecurityGlobalConfig
    Result:
    ...
    "crl_checking_enabled": false,
    ...
  • No functional impact is observed. 

Environment

VMware NSX-T Data Center 3.x
VMware NSX 4.x

Cause

Due to an issue with NSX-T manager caching, the crl_checking_enabled flag is not being checked. This issue has no functional impact.

Resolution

This issue is resolved in VMware NSX 4.2.0, available at Broadcom downloads.

If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

Workaround

If you wish to avoid receiving these log entries, you can remove the CRL CDP (CRL Distribution Point) from NSX-T.

  1. Use the following API to get the list of CDPs:
    GET /api/v1/trust-management/crl-distribution-points
  2. From the results returned, use the ID in the following DELETE API call:
    DELETE /api/v1/trust-management/crl-distribution-points/<cdp-id>
  3. Repeat the above steps for each CDP to be removed.
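
The three workaround steps as one script. This is an added example, not Broadcom's code. It assumes HTTP Basic authentication, a manager certificate that the local trust store already accepts, and a list response with a top-level "results" array whose items carry an "id"; the function names are hypothetical.

```python
"""Added example: list NSX CRL distribution points and delete the chosen ones."""
import base64
import json
import urllib.parse
import urllib.request

CDP_PATH = "/api/v1/trust-management/crl-distribution-points"

def build_request(manager, user, password, method="GET", cdp_id=None):
    """Build the GET (list) or DELETE (single CDP) request for the workaround."""
    path = CDP_PATH
    if cdp_id is not None:
        # Quote the ID so it can only ever be one path segment.
        path += "/" + urllib.parse.quote(cdp_id, safe="")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{manager}{path}", method=method,
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"})

def cdp_ids(list_body):
    """Extract IDs from the list response (assumes a top-level "results" array)."""
    return [r["id"] for r in json.loads(list_body).get("results", []) if "id" in r]

def remove_cdps(manager, user, password, only=None, send=urllib.request.urlopen):
    """Steps 1-3: list CDPs, then DELETE each one (or just those named in `only`)."""
    # urlopen verifies the manager's TLS certificate by default; keep it that way.
    with send(build_request(manager, user, password)) as resp:
        ids = cdp_ids(resp.read())
    removed = []
    for cdp_id in ids:
        if only is not None and cdp_id not in only:
            continue
        with send(build_request(manager, user, password, "DELETE", cdp_id)):
            removed.append(cdp_id)
    return removed

if __name__ == "__main__":
    import getpass
    import sys
    host, user = sys.argv[1], sys.argv[2]   # manager FQDN and API user
    only = set(sys.argv[3:]) or None        # optional: specific CDP IDs to remove
    print(remove_cdps(host, user, getpass.getpass(), only))
```

Pass specific CDP IDs as extra arguments to delete only those; with none given, every CDP returned by the list call is removed.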