NSX-V Manager alert: Certificate ssoserverSign has expired
Article ID: 345778
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
After SSO certificate expires on vCenter the entry below will keep showing up every twenty four hours on the NSX WebUI plug-in > Events > System Events, even though the certificate has been replaced on vCenter.
On vsm.log you will see the following entries:
2021-05-27 00:30:00.056 GMT INFO TaskFrameworkExecutor-11 EventServiceImpl:119 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [SystemEvent] Time:'Thu May 27 00:30:00.054 GMT 2021', Severity:'Critical', Event Source:'Certificate Monitoring Service', Code:'360001', Event Message:'Certificate ssoserverSign has expired', Module:'Trust Store', Universal Object:'false'
2021-05-14 18:35:51.030 GMT INFO http-nio-127.0.0.1-7441-exec-3 SSOConfigServiceImpl:109 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] SSO Configuration [save]: SSOConfig [vsmSolutionName=VSM_SOLUTION_<UUID>, ssoLookupServiceUrl=https://192.168.XX.XX:443/lookupservice/sdk, vsmSolutionCertitificateStoreId=certificate-16, vsmSolutionHoKCertificateStoreId=certificate-17, stsRootCertificateStoreId=null, [email protected]]
After SSO certificate expires on vCenter the entry below will keep showing up every twenty four hours on the NSX WebUI plug-in > Events > System Events, even though the certificate has been replaced on vCenter.
On vsm.log you will see the following entries:
2021-05-27 00:30:00.056 GMT INFO TaskFrameworkExecutor-11 EventServiceImpl:119 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [SystemEvent] Time:'Thu May 27 00:30:00.054 GMT 2021', Severity:'Critical', Event Source:'Certificate Monitoring Service', Code:'360001', Event Message:'Certificate ssoserverSign has expired', Module:'Trust Store', Universal Object:'false'
2021-05-14 18:35:51.030 GMT INFO http-nio-127.0.0.1-7441-exec-3 SSOConfigServiceImpl:109 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] SSO Configuration [save]: SSOConfig [vsmSolutionName=VSM_SOLUTION_<UUID>, ssoLookupServiceUrl=https://192.168.XX.XX:443/lookupservice/sdk, vsmSolutionCertitificateStoreId=certificate-16, vsmSolutionHoKCertificateStoreId=certificate-17, stsRootCertificateStoreId=null, [email protected]]
Cause
Stale Certificate entry on NSX database.
These alerts are generated because of "expiryPreNotificationDuration" check on VC side, which runs at 12:30 AM everyday and job is to identify the certificates and System events are raised for expired and to be expired certificates. This includes certificates in DB as well as in VC keystore.
These alerts are generated because of "expiryPreNotificationDuration" check on VC side, which runs at 12:30 AM everyday and job is to identify the certificates and System events are raised for expired and to be expired certificates. This includes certificates in DB as well as in VC keystore.
Resolution
Please reach out to GS support.
Additional Information
https://kb.vmware.com/s/article/68171
https://kb.vmware.com/s/article/2111411
https://kb.vmware.com/s/article/68171
https://kb.vmware.com/s/article/82560
Impact/Risks:
No impact this is just a cosmetic issue.
https://kb.vmware.com/s/article/2111411
https://kb.vmware.com/s/article/68171
https://kb.vmware.com/s/article/82560
Impact/Risks:
No impact this is just a cosmetic issue.
Feedback
Yes
No
Powered by
