Handling force delete of certificate consumed in the NSX Edge services such as SSLVPN/IPSec/L2VPN

Article ID: 325092

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • Modifying any service on the NSX Edge fails during certificate autoplumb.
  • You see the error:

    certificate-id not found.


Environment

VMware NSX for vSphere 6.4.x

Cause

This issue occurs because deleted certificates are still consumed by the NSX Edge services. When any feature is modified from the User Interface (UI), the change triggers autoplumb of the consumed certificates, and the operation fails.

Resolution

This issue is resolved in VMware NSX for vSphere 6.4.5, available at VMware Downloads.


Workaround:
To work around this issue if you cannot upgrade:
  1. Get the NSX Edge configuration using this API:

    GET https://NSXMGR_IP/api/4.0/edges/<edgeId>
     
  2. Modify all the services that consume the deleted certificate so that they use a valid certificate that is present.
  3. Update the NSX Edge using this API with the updated payload.

    PUT https://NSXMGR_IP/api/4.0/edges/<edgeId>
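
Step 2 as an added example (not VMware's code): a Python helper that finds every leaf element in the edge XML from the GET call whose value is the deleted certificate ID and points it at a valid one, producing the body for the PUT. The sample payload, its element names and the `certificate-N` IDs are constructed assumptions; compare them with your own GET response.

```python
import xml.etree.ElementTree as ET

# Constructed sample payload; element names are illustrative assumptions,
# not the documented NSX schema. Compare against your own GET response.
SAMPLE_EDGE_XML = """<edge>
  <features>
    <sslvpnConfig><serverSettings>
      <certificateId>certificate-12</certificateId>
    </serverSettings></sslvpnConfig>
    <ipsec><global>
      <serviceCertificate>certificate-12</serviceCertificate>
    </global></ipsec>
    <l2Vpn><server>
      <serverCertificate>certificate-7</serverCertificate>
    </server></l2Vpn>
  </features>
</edge>"""


def _leaves(elem, path=""):
    """Yield (path, element) for every element that has no children."""
    here = f"{path}/{elem.tag}"
    if len(elem) == 0:
        yield here, elem
    for child in elem:
        yield from _leaves(child, here)


def find_certificate_refs(edge_xml, cert_id):
    """Return the paths of all leaf elements whose value is cert_id."""
    root = ET.fromstring(edge_xml)
    return [p for p, e in _leaves(root) if (e.text or "").strip() == cert_id]


def replace_certificate(edge_xml, deleted_id, valid_id):
    """Point every reference to deleted_id at valid_id; return (xml, paths)."""
    root = ET.fromstring(edge_xml)
    changed = []
    for path, elem in _leaves(root):
        if (elem.text or "").strip() == deleted_id:
            elem.text = valid_id
            changed.append(path)
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    body, changed = replace_certificate(SAMPLE_EDGE_XML, "certificate-12", "certificate-7")
    print("rewritten:", *changed, sep="\n  ")
    print("still stale:", find_certificate_refs(body, "certificate-12"))
```

Review the list of rewritten paths before sending the PUT, so that only services meant to use the replacement certificate are changed.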