Handling force delete of certificate consumed in the NSX Edge services such as SSLVPN/IPSec/L2VPN
Article ID: 325092
Products
VMware NSX
Issue/Introduction
Symptoms:
Modifying any service on the NSX Edge fails during the certificate autoplumb.
You see the error:
certificate-id not found.
Environment
VMware NSX for vSphere 6.4.x
Cause
This issue occurs because deleted certificates are still consumed by the NSX Edge services. When any feature is modified from the User Interface (UI), the change triggers an autoplumb of the consumed certificates, and that operation fails.
Resolution
This issue is resolved in VMware NSX for vSphere 6.4.5, available at VMware Downloads.
Workaround: To work around this issue if you cannot upgrade:
Get the NSX Edge configuration using this API:
GET https://NSXMGR_IP/api/4.0/edges/<edgeId>
Modify every service that consumes the deleted certificate so that it uses a valid certificate that is present.
Update the NSX Edge using this API with the updated payload.
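The second workaround step can be done mechanically on the saved GET response. The following is an added example, not code from VMware or from this article: it finds every element that references a certificate ID outside a known-valid set and repoints it at a valid one, returning the list of changes for review. The sample XML, its element names, the "certificate-<number>" ID format and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: certificate object IDs have the form "certificate-<number>".
CERT_ID = re.compile(r"^certificate-\d+$")

# Constructed sample, not real NSX output; element names are illustrative.
SAMPLE_EDGE_XML = """<edge>
  <features>
    <sslvpnConfig><certificateId>certificate-12</certificateId></sslvpnConfig>
    <ipsec><serviceCertificate>certificate-12</serviceCertificate></ipsec>
    <l2Vpn><serverCertificate>certificate-7</serverCertificate></l2Vpn>
  </features>
</edge>"""


def find_cert_refs(root):
    """Return (path, element) for each element whose text is a certificate ID."""
    refs = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if elem.text and CERT_ID.match(elem.text.strip()):
            refs.append((here, elem))
        for child in elem:
            walk(child, here)

    walk(root, "")
    return refs


def replace_stale_certs(xml_text, valid_ids, replacement):
    """Repoint every reference to an ID outside valid_ids at replacement.

    Returns (updated_xml, [(path, old_id), ...]) so the change can be reviewed
    before the payload is sent back to the edge.
    """
    if replacement not in valid_ids:
        raise ValueError("replacement certificate must be in valid_ids")
    root = ET.fromstring(xml_text)
    changed = []
    for path, elem in find_cert_refs(root):
        old = elem.text.strip()
        if old not in valid_ids:
            elem.text = replacement
            changed.append((path, old))
    return ET.tostring(root, encoding="unicode"), changed
```

Build valid_ids from the certificates that still exist on the NSX Manager, and check the returned change list against the services you expect to be affected before using the updated payload.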