Web Client becomes unresponsive when you see Edge certificates after upgrading NSX Manager
search cancel

Web Client becomes unresponsive when you see Edge certificates after upgrading NSX Manager

book

Article ID: 325728

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
  • After upgrading NSX Manager to 6.3.6 or 6.4.1, Web Client becomes unresponsive when you see Edge certificates. Additionally, you see Adobe Flash errors if you use Firefox.
 
  • You can manage certificates by API.
  • You can get global certificates by API (GET api/2.0/services/truststore/certificate/scope/globalroot-0) whose <certificateType> is undefined.
TypeError: Error #1009: Cannot access a property or method of a null object reference.
    at com.vmware.vshield.plugin.edge.certificates.ui.view.comp::CertificateListPage/certificateTypeColLabelFunc()[/build/mts/release/bora-8084006/mgmtplatform/em/maven/ui/ngc/edge/vshield-edge-ui/swf/src/main/flex/com/vmware/vshield/plugin/edge/certificates/ui/view/comp/CertificateListPage.mxml:108]
...


Environment

VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x

Cause

The plugin of NSX 6.3.6 and 6.4.1 can not manage certificates whose <certificateType> is NULL such as old PSC certificate.

Resolution

Issue is resolved in NSX 6.4.2 and NSX 6.3.7. If you are unable to upgrade, please consult the steps below to correct the problem:

The resolution is to use an API call to delete all of the unused certificates, whose <certificateType> is undefined.

To get all of global certificates, you can call "GET api/2.0/services/truststore/certificate/scope/globalroot-0".
To delete a specified certificate, you can call "DELETE https://localhost/api/2.0/services/truststore/certificate/<certificate-id>".


Example:

1. Confirm certificates whose <certificateType> is undefined.

$ curl -k -u 'admin:<password>' -X GET https://<nsxmgr-ip>/api/2.0/services/truststore/certificate/scope/globalroot-0 | xmllint --format - | egrep 'objectId|certificateType|certificate'
<certificates>
  <certificate>
    <objectId>certificate-1</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-2</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-11</objectId>
  </certificate>
</certificates>

2. Then, you should delete certificate-11 because it doesn't have <certificateType>.

$ curl -k -u 'admin:<password>' -X DELETE https://<nsxmgr-ip>/api/2.0/services/truststore/certificate/certificate-11

$ curl -k -u 'admin:<password>' -X GET https://<nsxmgr-ip>/api/2.0/services/truststore/certificate/scope/globalroot-0 | xmllint --format - | egrep 'objectId|certificateType|certificate'
<certificates>
  <certificate>
    <objectId>certificate-1</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
  <certificate>
    <objectId>certificate-2</objectId>
    <certificateType>certificate_self_signed</certificateType>
  </certificate>
</certificates>


Workaround:
If the issue still exists after deleting all the "undefined" certificates, please open a Support Request with NSX support for further assistance.