Certificates are attached to unused node IDs, error on certificate renewal: 'Applying certificate for service-type <Service> requires a valid node-id'

search cancel

Certificates are attached to unused node IDs, error on certificate renewal: 'Applying certificate for service-type <Service> requires a valid node-id'

book

Article ID: 369824

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

There has been an event of manager restoration or new manager addition in the infra.

While replacing the expired certificates we see that the certificates are bound to node ID that does not exist or assigned to any of the manager nodes.

When tried to replace the certificate via API we get the below error:

POST /api/v1/trust-management/certificates/<certificate-ID>?action=apply_certificate&service_type=<Service>&node_id=<node_ID>

Environment

VMware NSX-T

VMware NSX Data Center

Cause

Due to manager restoration or new node creation the IDs assigned to the respective manager might have changed but the certificates bound to these IDs still remain as unused.

Resolution

Once confirmed that these certificates are unused, we have to release and delete the certificates.

To overcome this situation, please open a technical case from Broadcom Support portal

https://knowledge.broadcom.com/external/article?articleNumber=206567

Feedback

thumb_up Yes

thumb_down No