NSX-T Upgrade in VCF environment fails with message "NSX-T manager has a common name that does not match its hostname."



Article ID: 345277


Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

This article explains how to correct the certificate Common Name (CN) field so that it contains the FQDN.


Symptoms:
  • The NSX-T upgrade fails with the following error:

Message: “NSX-T FQDN”- NSX-T manager has a common name that does not match its hostname.

Remediation Message: NSX-T manager has a common name that does not match its hostname.Ensure that NSX-T manager has a valid certificate with its common name matching the host name.

 

 

  • lcm.log, located at /var/log/vmware/vcf/lcm/, reports entries similar to the following:

2022-03-14T11:45:30.679-0700 DEBUG [vcf_lcm,1d6ad84d0b3b1280,dc9c,upgradeId=cd0d58cc-fef3-48ea-9bbf-43aaf26f49e6,resourceType=NSX_T_PARALLEL_CLUSTER,resourceId=ddltdatdc-m1-"NSX-T FQDN":_ParallelClusterUpgradeElement,bundleElementId=db55f971-1d7e-4555-82dd-de6874d803b8] [c.v.e.s.l.p.c.s.LcmSecurityService,Async-10] SSL validation failed for the host “NSX-T FQDN”

2022-03-14T11:45:30.680-0700 DEBUG [vcf_lcm,1d6ad84d0b3b1280,dc9c,upgradeId=cd0d58cc-fef3-48ea-9bbf-43aaf26f49e6,resourceType=NSX_T_PARALLEL_CLUSTER,resourceId=ddltdatdc-m1-"NSX-T FQDN":_ParallelClusterUpgradeElement,bundleElementId=db55f971-1d7e-4555-82dd-de6874d803b8] [c.v.e.s.l.p.c.s.LcmSecurityService,Async-10] Host SSL validation successful for host “NSX-T FQDN”

 

  • Running the following command on the NSX-T Manager node shows the CN as the short name:

root@nsxmanager:~# echo | openssl s_client -showcerts -connect localhost:443


Environment

VMware Cloud Foundation 4.3.x
VMware Cloud Foundation 4.0.x
VMware Cloud Foundation 4.4.x
VMware Cloud Foundation 4.2.x
VMware Cloud Foundation 4.1

Cause

This occurs because the CN field of the NSX-T Manager certificate does not contain the FQDN.

Resolution

To resolve this issue, follow the steps below:

1. From SDDC Manager, generate and install a certificate for the NSX-T Manager nodes that contains the FQDN in the Common Name (CN) field. Refer to the VCF 4.4 Administration Guide.

2. Run the following command on the NSX-T Manager node to verify the certificate:

root@nsxmanager:~# echo | openssl s_client -showcerts -connect localhost:443

The output should display CN=FQDN.

3. Retry the NSX-T upgrade.
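
The check in step 2, as an added example that is not part of the original article: a shell helper that pulls the subject CN out of `openssl s_client` output and compares it with the expected FQDN. The function names, the sample output and `nsxmanager.example.com` are constructed for illustration; `hostname -f` returning the node's FQDN is an assumption.

```shell
#!/bin/sh
# Added example: compare the served certificate's subject CN with the expected FQDN.

# Constructed sample `openssl s_client` output (OpenSSL 1.1+ subject format, short-name CN).
SAMPLE_SHORT='Certificate chain
 0 s:C = US, O = Example, CN = nsxmanager
   i:C = US, O = Example, CN = Example CA
---
Server certificate
subject=C = US, O = Example, CN = nsxmanager
issuer=C = US, O = Example, CN = Example CA'

# Constructed sample in the older slash-separated subject format (FQDN CN).
SAMPLE_FQDN='Server certificate
subject=/C=US/O=Example/CN=nsxmanager.example.com
issuer=/C=US/O=Example/CN=Example CA'

# Read s_client output on stdin; print the CN from the first "subject=" line.
extract_cn() {
    sed -n '/^subject=/{s|.*CN *= *\([^,/]*\).*|\1|p;q;}'
}

# check_cn EXPECTED_FQDN < s_client output
# Returns 0 on match, 1 on mismatch, 2 if no subject CN was found.
check_cn() {
    # Hostnames are case-insensitive; also ignore a trailing root dot.
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
    cn=$(extract_cn | tr '[:upper:]' '[:lower:]' | sed 's/ *$//; s/\.$//')
    if [ -z "$cn" ]; then
        echo "no subject CN found in input" >&2
        return 2
    fi
    if [ "$cn" = "$expected" ]; then
        echo "OK: CN=$cn matches the expected FQDN"
        return 0
    fi
    case "$cn" in
        *.*) echo "MISMATCH: CN=$cn, expected $expected" ;;
        *)   echo "MISMATCH: CN=$cn is a short name, expected FQDN $expected" ;;
    esac
    return 1
}

# Live use on the manager node (assumes hostname -f returns the node FQDN):
#   echo | openssl s_client -connect localhost:443 2>/dev/null | check_cn "$(hostname -f)"
```

A return code of 1 with the "short name" message corresponds to the condition described in this article.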


Additional Information

Impact/Risks:

None