CBM_API certificate replacement fails with error : 'No certificate Profile of type CBM_API expiring certificate'


Article ID: 367857


Products

VMware NSX

Issue/Introduction

The NSX infrastructure was recently upgraded to version 4.1.x.

CBM certificates show up as expired, and when one is replaced manually using the API call, the CBM_API service returns the error below:

POST https://<Any manager-IP or manager FQDN>/api/v1/trust-management/certificates/<New Certificate ID>?action=apply_certificate&service_type=<CBM_API>&node_id=<manager node ID>
{
"httpStatus" : "BAD_REQUEST",
"error_code" : 2081,
"module_name" : "internal-framework",
"error_message" : "No Certificate Profile of type CBM_API available for the current node-type."
}

Environment

VMware NSX 4.1.x

Cause

The CBM_API service type has been deprecated from version 4.1.1 onwards, but some unexpected occurrences of certificates still using this service type are seen after the upgrade.

Resolution

This issue is fixed in an upcoming NSX release.

Workaround:

Steps to release each CBM_API certificate (API-Corfu Client certificate):

  1. Access the NSX Manager UI, under System / Certificates.
  2. Locate the CBM_API certificate (API-Corfu Client certificate).
  3. Depending on the column “Where Used”:
    • If the column “Where Used” is at 0, you can simply delete the certificate via the vertical ellipsis.
    • If the column “Where Used” is NOT at 0, please contact Support by opening a service request and referencing this KB article.