Alarm for Certificate Expired is seen in the NSX-T UI

Article ID: 345870


Products

VMware NSX Networking

Issue/Introduction

Symptoms:
An alarm appears in the NSX-T UI stating that a certificate has expired. The alarm resembles the screenshot below:

[Screenshot: image.png]

In the syslog (/var/log/syslog) of an NSX-T Manager, a correlated error resembling the following can also be found:
2022-01-17T10:06:09.706Z manager1 NSX 5443 MONITORING [nsx@6876 alarmId="<UUID>" alarmState="OPEN" comp="nsx-manager" entId="<UUID>" errorCode="MP701099" eventFeatureName="certificates" eventSev="CRITICAL" eventState="On" eventType="certificate_expired" level="FATAL" nodeId="<UUID>" subcomp="monitoring"] Certificate <UUID> has expired.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
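To find which certificate IDs still have an open expiry alarm across collected Manager syslog, the following added example (not part of the original article and not VMware code) parses the nsx@6876 structured-data block shown above and keeps the newest certificate_expired event per certificate. The function names, the sample lines and IDs, and the "RESOLVED" alarmState value are assumptions made for the illustration.

```python
import re

# Structured-data block in the shape of the article's excerpt: [nsx@6876 key="value" ...] message
SD_BLOCK = re.compile(r'\[nsx@6876 (?P<params>(?:[\w.-]+="[^"]*"\s*)+)\]\s*(?P<msg>.*)$')
SD_PARAM = re.compile(r'([\w.-]+)="([^"]*)"')
CERT_ID = re.compile(r"Certificate (\S+) has expired")


def parse_line(line):
    """Return (timestamp, host, fields, message), or None when there is no nsx@6876 block."""
    m = SD_BLOCK.search(line)
    head = line[: m.start()].split() if m else []
    if len(head) < 2:
        return None
    return head[0], head[1], dict(SD_PARAM.findall(m.group("params"))), m.group("msg")


def open_expired_certificates(lines):
    """Map certificate ID -> newest certificate_expired event, kept only while its alarm is OPEN."""
    latest = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, fields, msg = parsed
        cert = CERT_ID.search(msg)
        if fields.get("eventType") != "certificate_expired" or cert is None:
            continue
        prev = latest.get(cert.group(1))
        if prev is None or ts >= prev["time"]:  # ISO-8601 UTC stamps sort lexicographically
            latest[cert.group(1)] = {"time": ts, "manager": host,
                                     "state": fields.get("alarmState"),
                                     "alarmId": fields.get("alarmId")}
    return {cid: ev for cid, ev in latest.items() if ev["state"] == "OPEN"}


# Constructed sample lines (IDs are made up; "RESOLVED" is an assumed alarmState value).
def _line(ts, host, alarm, state, cert):
    return (f'{ts} {host} NSX 5443 MONITORING [nsx@6876 alarmId="{alarm}" alarmState="{state}" '
            f'comp="nsx-manager" errorCode="MP701099" eventFeatureName="certificates" '
            f'eventSev="CRITICAL" eventType="certificate_expired" subcomp="monitoring"] '
            f'Certificate {cert} has expired.')

SAMPLE = [
    _line("2022-01-17T10:06:09.706Z", "manager1", "alarm-0001", "OPEN", "cert-aaaa"),
    _line("2022-01-17T10:06:10.120Z", "manager1", "alarm-0002", "OPEN", "cert-bbbb"),
    "2022-01-17T10:07:00.000Z manager1 sshd 812 - - Accepted publickey for admin",
    _line("2022-01-18T08:30:00.000Z", "manager1", "alarm-0002", "RESOLVED", "cert-bbbb"),
]
```

Calling open_expired_certificates(SAMPLE) returns only cert-aaaa, because the newest event for cert-bbbb is no longer OPEN.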

Environment

VMware NSX-T Data Center 3.x
VMware NSX-T Data Center

Cause

A certificate in the NSX-T Manager trust store has reached its expiration date.

Resolution

Update every service that currently uses the certificate to use a new, non-expired certificate. Once the expired certificate is no longer in use, delete it through the user interface or by invoking the NSX API: DELETE /api/v1/trust-management/certificates/<certificate-id> or /policy/api/v1/trust-management/certificates/<certificate-id>.

If the expired certificate is used by NAPP Platform, the connection between NSX-T and NAPP Platform may be broken. See the NAPP Platform troubleshooting document for guidance on using a self-signed NAPP CA certificate to recover the connection: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/nsx-application-platform/GUID-2C1A9FA8-E45C-4640-99E3-865CD00A0D73.html