Certificate generating critical pre-check errors in NSX-T when attempting an upgrade
search cancel

Certificate generating critical pre-check errors in NSX-T when attempting an upgrade

book

Article ID: 322553

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • When pre-checks are run during the process of upgrade, a critical alert is generated for certificates, which prevents the upgrade from continuing.
  • On the NSX-T GUI and in NSX-T manager log /var/log/upgrade-coordinator/upgrade-coordinator.log, we see following error:
 The certificate with Id XXXXXX-XXXX-XXXX-XXXXXXXX failed to parse with error: Illegal footer in PEM, needs to have exactly 5 consecutive hyphens. Please delete (if unused) or replace this certificate prior to upgrading.


Environment

VMware NSX-T Data Center
VMware NSX-T

Cause

NSX-T upgrade Pre-check generates a critical error or upgrade fails when a certificate is attached to a non-existent node-id (NSX-T Manager node). In other words, If the when we run a GET API for the certificate, we would see that one of the certificates is attached to a node_id which doesn't exist in the NSX-T internal DB.

Resolution

This is a known issue impacting NSX-T data center.

Workaround:
If you believe you have encountered this issue, please open a VMware NSX-T GSS support request and reference this KB.
For information, see How to submit a Support Request.