Certificate generating critical pre-check errors in NSX-T when attempting an upgrade
book
Article ID: 322553
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
When pre-checks are run during the process of upgrade, a critical alert is generated for certificates, which prevents the upgrade from continuing.
On the NSX-T GUI and in NSX-T manager log/var/log/upgrade-coordinator/upgrade-coordinator.log, we see following error:
The certificate with Id XXXXXX-XXXX-XXXX-XXXXXXXX failed to parse with error: Illegal footer in PEM, needs to have exactly 5 consecutive hyphens. Please delete (if unused) or replace this certificate prior to upgrading.
Environment
VMware NSX-T Data Center VMware NSX-T
Cause
NSX-T upgrade Pre-check generates a critical error or upgrade fails when a certificate is attached to a non-existent node-id (NSX-T Manager node). In other words, If the when we run a GET API for the certificate, we would see that one of the certificates is attached to a node_id which doesn't exist in the NSX-T internal DB.
Resolution
This is a known issue impacting NSX-T data center.
Workaround: If you believe you have encountered this issue, please open a Broadcom Support request and reference this KB.