NSX-V Manager alert: Certificate ssoserverSign has expired
search cancel

NSX-V Manager alert: Certificate ssoserverSign has expired

book

Article ID: 345778

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction


After SSO certificate expires on vCenter the entry below will keep showing up every twenty four hours on the NSX WebUI plug-in > Events > System Events, even though the certificate has been replaced on vCenter.



On vsm.log you will see the following entries:
2021-05-27 00:30:00.056 GMT  INFO TaskFrameworkExecutor-11 EventServiceImpl:119 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] [SystemEvent] Time:'Thu May 27 00:30:00.054 GMT 2021', Severity:'Critical', Event Source:'Certificate Monitoring Service', Code:'360001', Event Message:'Certificate ssoserverSign has expired', Module:'Trust Store', Universal Object:'false'

2021-05-14 18:35:51.030 GMT  INFO http-nio-127.0.0.1-7441-exec-3 SSOConfigServiceImpl:109 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] SSO Configuration [save]: SSOConfig [vsmSolutionName=VSM_SOLUTION_<UUID>, ssoLookupServiceUrl=https://192.168.XX.XX:443/lookupservice/sdk, vsmSolutionCertitificateStoreId=certificate-16, vsmSolutionHoKCertificateStoreId=certificate-17, stsRootCertificateStoreId=null, [email protected]]

 
 


Cause

Stale Certificate entry on NSX database.

These alerts are generated because of "expiryPreNotificationDuration" check on VC side, which runs at 00:30 everyday and job is to identify the certificates and System events are raised for expired and to be expired certificates. This includes certificates in DB as well as in VC keystore.

Resolution


Please open Support request with Broadcom

Additional Information

https://knowledge.broadcom.com/external/article?legacyId=68171
https://knowledge.broadcom.com/external/article?legacyId=2111411
https://knowledge.broadcom.com/external/article?legacyId=82560

Impact/Risks:
No impact this is just a cosmetic issue.