- You are running VMware NSX 4.x.
- You are trying to deploy an VMware NSX Manager or Edge node from the NSX-T manager UI and this fails with error:
Error while fetching ovf file. ASN length at position 2 curl_wrapper: (60) SSL: no alternative certificate subject name matches target host name '<nsx-manager-hostname>'
- In the NSX Manager log
/var/log/syslog
you find the following entries:
2023-04-28T12:49:01.517Z <nsx-manager-fqdn> NSX 4541 FABRIC [nsx@6876 comp="nsx-manager" errorCode="MP31705" level="ERROR" subcomp="manager"] For [test], error: Error while fetching ovf file. ASN length at position 2#012curl_wrapper: (60) SSL: no alternative certificate subject name matches target host name '<nsx-manager-fqdn>'#012
- Deploying an edge node via OVF in vCenter does not encounter the same issue.
- You may also encounter this issue during upgrade of a VMware NSX Edge node or manager appliance.
- You may encounter an error similar to the following when upgrading the upgrade-coordinator while the NSX Manager repositories are being synced:
[<IP>] Unable to connect to File /repository/<version.build>/Manager/vmware-mount/libgobject-2.0.so.0 on source <nsx-manager-fqdn>. Please verify file exists on source and install-upgrade service is up.
- In the NSX Manager log
/var/log/proton/nsxapi.log
you will see similar looking entries:
INFO RepoSyncThread-1687161993610 RepoSyncFileHelper 95373 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to get server info for https://nsxt.example.com:443/repository/4.1.X/<path_to_file>
returned result CommandResultImpl [commandName=null, pid=3022439, status=FAILED, errorCode=60, errorMessage=Unexpected ASN length at position 2
curl_wrapper: (60) SSL: no alternative certificate subject name matches target host name 'nsxt
'
Or
INFO RepoSyncThread-1695020706074 RepoSyncFileHelper 4977 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to check if remote file exists for https://nsxt.example.com:443/repository/4.1.X/<path_to_file> returned result CommandResultImpl [commandName=null, pid=1406936, status=SUCCESS, errorCode=0, errorMessage=null, commandOutput=Unexpected DNS name at position 78
Or
INFO RepoSyncThread-1698231201309 RepoSyncFileHelper 2664864 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to check if remote file exists for https://nsxt.example.com:443/4.1.X/<path_to_file>
returned result CommandResultImpl [commandName=null, pid=3775111, status=FAILED, errorCode=51, errorMessage=curl_wrapper: (51) SSL: no alternative certificate subject name matches target host name 'nsxt-fqdn.com', commandOutput=null]
Note:
The NSX version in the above log entry may be any 4.1.X version.
<path_to_file>
represents the file the repository sync failed on.
The manager FQDN, could also be an IP address.
- You may encounter an error while attempting to upgrade any transport node.