NSX Edge fails to upload a server certificate
search cancel

NSX Edge fails to upload a server certificate

book

Article ID: 345035

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
When adding a new server certificate on the Edge UI - NSX Edges -> Manage -> Settings -> Certificates -> Certificate -> Paste in the certificate and private key, click "Add" and that results in the error message "Internal server error has occurred".

image.png

In the vsm.log you will see the following exceptions:

2021-11-30 12:27:18.521 GMT  WARN http-nio-127.0.0.1-7441-exec-22 RemoteInvocationTraceInterceptor:88 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.vsm.truststore.facade.TrustStoreFacade.addCertificates
java.lang.NullPointerException: null
        at com.vmware.vshield.vsm.truststore.utils.TrustObjectConverter.toDto(TrustObjectConverter.java:65) ~[vsm-core-1.0.jar:?]
        at com.vmware.vshield.vsm.truststore.facade.impl.TrustStoreFacadeImpl.addCertificates_aroundBody0(TrustStoreFacadeImpl.java:77) 
(...)

2021-11-30 12:27:18.536 GMT ERROR http-nio-127.0.0.1-7441-exec-22 RemoteServerUtil:121 - - [nsxv@6876 comp="nsx-manager" level="ERROR" subcomp="manager"] Throwing remote base exception com.vmware.vshield.vsm.remoting.server.exceptions.RemoteBaseException: Internal server error has occurred.
        at com.vmware.vshield.vsm.remoting.server.util.RemoteServerUtil.convertException(RemoteServerUtil.java:114) [vsm-core-1.0.jar:?]
        at com.vmware.vshield.vsm.remoting.server.VsmHttpInvokerServiceExporter.writeRemoteInvocationResult(VsmHttpInvokerServiceExporter.java:85) [vsm-core-1.0.jar:?]
        at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.writeRemoteInvocationResult(HttpInvokerServiceExporter.java:151) [spring-web-5.2.15.RELEASE.jar:5.2.15.RELEASE]
        at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:78) [spring-web-5.2.15.RELEASE.jar:5.2.15.RELEASE]
(...)        


Environment

VMware NSX Data Center for vSphere 6.4.x

Cause

NSX for vSphere does not support certificates without a Common Name (CN) specified in it.

Resolution

No current resolution is available.

Workaround:
Use a server certificate which has a Common Name.