To correct the CN field with FQDN
Symptoms:
Message: “NSX-T FQDN” - NSX-T manager has a common name that does not match its hostname.
Remediation Message: NSX-T manager has a common name that does not match its hostname. Ensure that NSX-T manager has a valid certificate with its common name matching the host name.
2022-03-14T11:45:30.679-0700 DEBUG [vcf_lcm,1d6ad84d0b3b1280,dc9c,upgradeId=cd0d58cc-fef3-####-####-########9e6,resourceType=NSX_T_PARALLEL_CLUSTER,resourceId=ddltdatdc-m1-"NSX-T FQDN":_ParallelClusterUpgradeElement,bundleElementId=db55f971-1d7e-####-####-########3b8] [c.v.e.s.l.p.c.s.LcmSecurityService,Async-10] SSL validation failed for the host “NSX-T FQDN”
2022-03-14T11:45:30.680-0700 DEBUG [vcf_lcm,1d6ad84d0b3b1280,dc9c,upgradeId=cd0d58cc-fef3-####-####-########9e6,resourceType=NSX_T_PARALLEL_CLUSTER,resourceId=ddltdatdc-m1-"NSX-T FQDN":_ParallelClusterUpgradeElement,bundleElementId=db55f971-1d7e-####-####-########3b8] [c.v.e.s.l.p.c.s.LcmSecurityService,Async-10] Host SSL validation successful for host “NSX-T FQDN”
root@nsxmanager:~# echo | openssl s_client -showcerts -connect localhost:443
This occurs because the CN field of the NSX-T Manager certificate does not contain the FQDN.
To resolve this issue, follow the steps below:
1. From SDDC Manager, generate and install a certificate for the NSX-T Manager nodes that contains the FQDN in the Common Name (CN) field. Refer to the VCF 4.4 Administration Guide.
2. Run the following command on the NSX-T Manager node to check the certificate:
root@nsxmanager:~# echo | openssl s_client -showcerts -connect localhost:443
The output should display CN=FQDN.
3. Retry the NSX-T upgrade.
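The check in step 2 can be scripted so that the CN is compared with the FQDN before the upgrade is retried. The following is an added example, not part of the original article or of VMware's tooling; the function names are hypothetical and the subject lines in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: compare the CN in a certificate subject with the expected FQDN.

# Print the CN from an "openssl x509 -noout -subject" line. Handles the
# comma-separated form ("subject=C = US, CN = host") and the older
# slash-separated form ("subject= /C=US/CN=host").
cn_from_subject() {
    printf '%s\n' "$1" | sed -n -E 's#.*[/, =]CN *= *([^,/]*).*#\1#p' | head -n 1
}

# Return 0 only when the subject's CN equals the FQDN. Hostnames are
# case-insensitive, and a trailing dot on the FQDN is ignored.
cn_matches_fqdn() {
    cmf_cn=$(cn_from_subject "$1" | tr '[:upper:]' '[:lower:]')
    cmf_fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    cmf_fqdn=${cmf_fqdn%.}
    [ -n "$cmf_cn" ] && [ "$cmf_cn" = "$cmf_fqdn" ]
}

# Live check on the NSX-T Manager node: read the certificate served on
# localhost:443 and compare its CN with this node's FQDN.
# Assumes "hostname -f" returns the FQDN registered for the node.
check_local_manager() {
    clm_subject=$(echo | openssl s_client -connect localhost:443 2>/dev/null \
        | openssl x509 -noout -subject)
    if cn_matches_fqdn "$clm_subject" "$(hostname -f)"; then
        echo "OK: CN matches $(hostname -f)"
    else
        echo "MISMATCH: CN is '$(cn_from_subject "$clm_subject")', expected $(hostname -f)"
        return 1
    fi
}

# Constructed sample subject lines:
#   subject=CN = nsx-mgr-01, O = Example                      -> short name, fails
#   subject=C = US, O = Example, CN = nsx-mgr-01.corp.example -> FQDN, passes
```

Run `check_local_manager` as root on each NSX-T Manager node after the certificate is replaced; a non-zero return means the CN still does not match.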