NSX Upgrade pre-checks report critical certificate error "failed to parse with error: Illegal footer in PEM"
search cancel

NSX Upgrade pre-checks report critical certificate error "failed to parse with error: Illegal footer in PEM"

book

Article ID: 322553

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • When pre-checks are run during the process of upgrade, a critical alert is generated for certificates, which prevents the upgrade from continuing.
  • On the NSX-T GUI and in NSX-T manager log /var/log/upgrade-coordinator/upgrade-coordinator.log, we see following error:
 The certificate with Id XXXXXX-XXXX-XXXX-XXXXXXXX failed to parse with error: Illegal footer in PEM, needs to have exactly 5 consecutive hyphens. Please delete (if unused) or replace this certificate prior to upgrading.

Environment

VMware NSX-T Data Center 3.x
VMware NSX 4.x

Cause

NSX-T upgrade Pre-check generates a critical error or upgrade fails when a certificate is attached to a non-existent node-id (NSX-T Manager node). In other words, If the when we run a GET API for the certificate, we would see that one of the certificates is attached to a node_id which doesn't exist in the NSX-T internal DB.

Resolution

This is a known issue impacting VMware NSX.


The CARR script may be used to resolve this issue, please see Using Certificate Analyzer Resolver (CARR) Script to fix certificate related issues in NSX.

If the issue persists, please open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.

Powered by Wolken Software