Web Client becomes unresponsive when you see Edge certificates after upgrading NSX Manager

Article ID: 325728


Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • After upgrading NSX Manager to 6.3.6 or 6.4.1, the Web Client becomes unresponsive when you view Edge certificates. If you use Firefox, you also see Adobe Flash errors.
  • You can still manage certificates through the API.
  • Retrieving the global certificates through the API (GET api/2.0/services/truststore/certificate/scope/globalroot-0) returns certificates whose <certificateType> is undefined.
TypeError: Error #1009: Cannot access a property or method of a null object reference.
    at com.vmware.vshield.plugin.edge.certificates.ui.view.comp::CertificateListPage/certificateTypeColLabelFunc()[/build/mts/release/bora-8084006/mgmtplatform/em/maven/ui/ngc/edge/vshield-edge-ui/swf/src/main/flex/com/vmware/vshield/plugin/edge/certificates/ui/view/comp/CertificateListPage.mxml:108]
...


Environment

VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x

Cause

The NSX 6.3.6 and 6.4.1 plugin cannot handle certificates whose <certificateType> is NULL, such as an old PSC certificate.

Resolution

This issue is resolved in NSX 6.4.2 and NSX 6.3.7. If you are unable to upgrade, follow the steps below to correct the problem:

The resolution is to use an API call to delete all of the unused certificates whose <certificateType> is undefined.

To get all global certificates, call "GET api/2.0/services/truststore/certificate/scope/globalroot-0".
To delete a specific certificate, call "DELETE https://localhost/api/2.0/services/truststore/certificate/<certificate-id>".


Example:

1. Identify the certificates whose <certificateType> is undefined.

$ curl -k -u 'admin:<password>' -X GET https://<nsxmgr-ip>/api/2.0/services/truststore/certificate/scope/globalroot-0 | xmllint --format - | egrep 'objectId|certificateType|certificate'
<certificates>
  <certificate>
    <objectId>certificate-1</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-2</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-11</objectId>
  </certificate>
</certificates>

2. Delete certificate-11, because it has no <certificateType>, then list the certificates again to confirm that it is gone.

$ curl -k -u 'admin:<password>' -X DELETE https://<nsxmgr-ip>/api/2.0/services/truststore/certificate/certificate-11

$ curl -k -u 'admin:<password>' -X GET https://<nsxmgr-ip>/api/2.0/services/truststore/certificate/scope/globalroot-0 | xmllint --format - | egrep 'objectId|certificateType|certificate'
<certificates>
  <certificate>
    <objectId>certificate-1</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-2</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
</certificates>
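
With many certificates in the truststore, picking out the untyped entries by eye from egrep output is error-prone. The following added example (not part of the original article or of NSX) parses the GET response and prints the matching DELETE calls for review without running them; the function names and the treatment of an empty <certificateType/> as undefined are assumptions.

```python
"""List truststore certificates that have no <certificateType> (added example)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample shaped like the filtered output shown in step 1.
SAMPLE = """<certificates>
  <certificate>
    <objectId>certificate-1</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-2</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-11</objectId>
  </certificate>
</certificates>"""

DELETE_PATH = "/api/2.0/services/truststore/certificate/"  # path from the article


def untyped_certificates(xml_text):
    """Return objectIds of <certificate> elements lacking a certificateType.

    Assumption: an empty <certificateType/> is treated like a missing one.
    """
    root = ET.fromstring(xml_text)
    ids = []
    # iter() finds <certificate> elements at any depth under the root.
    for cert in root.iter("certificate"):
        object_id = (cert.findtext("objectId") or "").strip()
        cert_type = (cert.findtext("certificateType") or "").strip()
        if object_id and not cert_type:
            ids.append(object_id)
    return ids


def delete_commands(xml_text, host="<nsxmgr-ip>"):
    """Build (but do not run) the DELETE calls so they can be reviewed first."""
    return [f"curl -k -u 'admin:<password>' -X DELETE https://{host}{DELETE_PATH}{oid}"
            for oid in untyped_certificates(xml_text)]


if __name__ == "__main__":
    # Pipe the GET response in, or run with no input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(delete_commands(data)))
```

Pipe the unfiltered response of the GET call from step 1 into the script. It only lists candidates: confirm that each listed certificate is unused before running its DELETE call.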


Workaround:
If the issue still exists after deleting all the "undefined" certificates, please open a Support Request with NSX support for further assistance.