NSX edge node deployment triggered from NSX Manager UI, fails with following error, "OVF certificate validation failed. Error: Error while fetching ovf file. e has expired"
Article ID: 369908
Updated On:
Products
VMware NSX
Issue/Introduction
- When deploying a new edge node from NSX Manager UI, the deployment fails with the below error.
- In NSX Manager UI, under System ->
Certificates, the certificate associated with API and/or MGMT_Cluster service is expired.
Environment
VMware NSX
Cause
When Tomcat certificates (Service Type = API) and/or mp-cluster certificates (Service Type = MGMT_CLUSTER) expire on NSX managers, Edge/Manager deployment workflow triggered from NSX Manager fails. This is an expected behavior of the product.
Resolution
- Certificate verification can be done by making the following API call: GET https://<nsx-mgr>/api/v1/trust-management/certificates/<cert-id>?action=validate.
- Create CSR for API and mgmt_cluster services. Refer to Create a Certificate Signing Request File in Techdocs.
- Use the POST APIs to renew the API and mgmt-cluster certificates as described in steps 4 & 5 in the Replace Certificates Techdoc.
- Restart the proton service on all the 3 NSX managers (from the admin shell): restart service manager.
Additional Information
To self-sign the CSRs refer to Create a Self-Signed Certificate Techdoc.
Reference article with a similar error but different cause and resolution: KB367853
Feedback
Yes
No
Powered by
