Steps followed to generate the certificate and use for the Antrea Cluster
1. Create a client certificate for antrea cluster
2. Register antrea cluster to NSX with above client certificate
3. Register another antrea cluster to NSX with above client certificate
4. The second registration will fail and error "certificate conflict with clusterControlPlane node id" in register Pod log
5. Check NSX nsxapi.log, a InvalidArgumentException and a NullPointerException error in log
nsxapi.log
<timestamp>.818Z ERROR http-nio-127.0.0.1-7440-exec-59 ClusterControlPlaneServiceImpl 85229 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM220" level="ERROR" reqId="cxxxxxxd-21a0-4xx3-bxxf-d0xxxxxxxxxc" subcomp="manager" username="admin"] ClusterControlPlaneServiceImpl::validateParameterForCreate: certificate conflict with clusterControlPlane
com.vmware.nsx.management.container.exceptions.InvalidArgumentException: Argument ClusterControlPlaneServiceImpl::validateParameterForCreate: certificate conflict with clusterControlPlane node id 9xxxxxx4-cxx1-4xxf-axxe-3xxxxxxxxxx4 is invalid.
...
<timestamp>.824Z WARN http-nio-127.0.0.1-7440-exec-59 ExceptionHandlerExceptionResolver 85229 Failure in @ExceptionHandler com.vmware.nsxapi.clustercontrolplane.controller.ClusterControlPlaneController#handleBaseException(BaseException, HttpServletResponse, HttpServletRequest)
java.lang.NullPointerException: null
1. Each certificate's CommonName should equal ClusterControlPlane's id, and should equal PI's name.
2. PI's name and ClusterControlPlane's id is unique.
However, the InvalidArgumentException is not processed correctly in NSX and it throws another NullPointerException.