NSX Certificate Expiration Approaching Alarm
search cancel

NSX Certificate Expiration Approaching Alarm

book

Article ID: 368169

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Title: Certificate Expiration Approaching

Event ID: certificate_expiration_approaching

Alarm Description: Certificate {entity_id} is approaching expiration in 30 days or less

  • On NSX UI, System, Certificates, Certificates, one or more certificates have Validity approaching expiry.

Environment

VMware NSX-T Data Center

VMware NSX

Cause

A certificate in the NSX Manager trust store is due to expire in the next 30 days, the alarm triggers when the certificate 'Not Valid After' date is less than 31 days.
Details on the types of certificates can be found here Certificates for NSX and NSX Federation

Resolution

If in use, expired certificates must be replaced with valid certificates, if not is use, as indicated in the 'Used By' column of the 'System, Certificates, Certificates' page for that certificate, the certificate can be deleted, by selecting the certificate and deleting it.

Services may be functionally impacted until the certificates are replaced.

Expired certificates that are no longer in use must be deleted.
 
Starting from NSX 4.2.0, renewal of certificates can be performed via the UI, see Admin Guide section Replace Certificates Through NSX Manager.

The CARR script can also be used to replace expired NSX self signed certificates, see Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX.

For CA signed certificates, a new certificate will need to be obtained from the relevant CA and imported to NSX.

Additional Information

Powered by Wolken Software