NSX infra was recently upgraded to 4.1.x version.
CBM certificates shows up as expired and on manual replacement using the API call, CBM_API service throws below error
POST https://<Any manager-IP or manager FQDN>/api/v1/trust-management/certificates/<New Certificate ID>?action=apply_certificate&service_type=<CBM_API>&node_id=<manager node ID>
{
"httpStatus" : "BAD_REQUEST",
"error_code" : 2081,
"module_name" : "internal-framework",
"error_message" : "No Certificate Profile of type CBM_API available for the current node-type."
}
VMware NSX 4.1.x
CBM_API service type has been deprecated from version 4.1.1 onwards but we do see some unexpected occurrences of certificates using this service-type when it was upgraded.
This issue is fixed in upcoming NSX release.
Workaround:
Steps to release each CBM_API certificate (API-Corfu Client certificate):