WARN http-nio-127.0.0.1-7440-exec-2 CdpCrlChecker 4477 SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" reqId="xxxxxxxx-dbca-4718-ba7f-xxxxxxxxxxxx" subcomp="manager" username="admin"] CRL CN=XXXXXX,DC=XXXXXX,DC=XXXXXX,DC=XXX is signed with OID 1.2.840.113549.1.1.10
VMware NSX-T Data Center
VMware NSX 4.x
AlgorithmId.sha256WithRSAEncryption_oid (1, 2, 840, 113549, 1, 1, 11)
AlgorithmId.sha256WithDSA_oid (2, 16, 840, 1, 101, 3, 4, 3, 2)
AlgorithmId.sha256WithECDSA_oid (1, 2, 840, 10045, 4, 3, 2)
AlgorithmId.sha384WithECDSA_oid (1, 2, 840, 10045, 4, 3, 3)
AlgorithmId.sha384WithRSAEncryption_oid (1, 2, 840, 113549, 1, 1, 12)
AlgorithmId.sha512WithECDSA_oid (1, 2, 840, 10045, 4, 3, 4)
AlgorithmId.sha512WithRSAEncryption_oid (1, 2, 840, 113549, 1, 1, 13)
The certificate used to sign the CRL did not use one of the above signature algorithms.
None. This issue is due to an incorrectly signed CRL certificate, which is not supported by VMware NSX.
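As an added example (not VMware's code), the Python below reads the signatureAlgorithm OID from a DER-encoded CRL and checks it against the list above, so a CRL can be tested before NSX fetches it. The function names and the two sample byte strings are constructed for illustration.

```python
# Signature OIDs the list above gives as supported for CRLs.
SUPPORTED = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "2.16.840.1.101.3.4.3.2": "sha256WithDSA",
    "1.2.840.10045.4.3.2": "sha256WithECDSA",
    "1.2.840.10045.4.3.3": "sha384WithECDSA",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.10045.4.3.4": "sha512WithECDSA",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, cur = [], 0
    for b in raw:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends a sub-identifier
            arcs.append(cur)
            cur = 0
    first = min(arcs[0] // 40, 2)  # first sub-identifier packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def crl_signature_oid(der):
    """Return the outer signatureAlgorithm OID of a DER CertificateList."""
    tag, cert_list, _ = read_tlv(der, 0)   # CertificateList ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert_list, 0)     # skip tbsCertList
    _, alg, _ = read_tlv(cert_list, pos)   # signatureAlgorithm ::= SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(oid)

def is_supported(der):
    return crl_signature_oid(der) in SUPPORTED

# Constructed skeletons, not real CRLs: placeholder tbsCertList and signature.
# SAMPLE_PSS carries 1.2.840.113549.1.1.10 (RSASSA-PSS, RFC 4055), the OID in the log line.
SAMPLE_PSS = bytes.fromhex("3018" "3003020101" "300d06092a864886f70d01010a3000" "03020000")
SAMPLE_SHA256_RSA = bytes.fromhex("3018" "3003020101" "300d06092a864886f70d01010b0500" "03020000")
```

To check a real CRL, pass the DER bytes of the file published at the certificate's CRL distribution point; a PEM file must be converted to DER first.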
Workaround:
You can disable CRL checking, which will prevent the connection from failing when checking the CRL of the certificate used by the LDAPS server.
Use the API call:
GET https://{{ip}}/policy/api/v1/infra/security-global-config
Change the value of "crl_check_enabled" from true to false in the returned data, then send the edited data in the following PUT API call:
PUT https://{{ip}}/policy/api/v1/infra/security-global-config