NSX edge node deployment triggered from the NSX Manager UI fails with the following error: "OVF certificate validation failed. Error: Error while fetching ovf file. e has expired"

Article ID: 369908

Updated On: 06-27-2025

Products

VMware NSX

Issue/Introduction

  • When deploying a new edge node from the NSX Manager UI, the deployment fails with the error: "OVF certificate validation failed. Error: Error while fetching ovf file. e has expired"

  • In the NSX Manager UI, under System -> Certificates, the certificate associated with the API and/or MGMT_CLUSTER service is expired.

Environment

VMware NSX

Cause

When the Tomcat certificates (Service Type = API) and/or the mp-cluster certificates (Service Type = MGMT_CLUSTER) expire on the NSX managers, the Edge/Manager deployment workflow triggered from NSX Manager fails. This is expected behavior of the product.

Resolution

  1. Verify the certificate with the following API call: GET https://<nsx-mgr>/api/v1/trust-management/certificates/<cert-id>?action=validate.
  2. Create CSRs for the API and mgmt_cluster services. Refer to Create a Certificate Signing Request File in Techdocs.
  3. Use the POST APIs to renew the API and mgmt-cluster certificates as described in steps 4 & 5 in the Replace Certificates Techdoc.
  4. Restart the proton service on all 3 NSX managers (from the admin shell): restart service manager.
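
To find which certificate IDs to validate in step 1, the following added example (not VMware's code) triages a saved certificate list and flags expired or soon-to-expire certificates bound to the API and MGMT_CLUSTER services. The field names used_by, service_types, details and not_after (epoch milliseconds) are assumed from the NSX certificate list schema; SAMPLE is constructed data, and triage and warn_days are hypothetical names.

```python
from datetime import datetime, timezone

# Service types named in the Cause section of this article.
WATCHED = {"API", "MGMT_CLUSTER"}

# Constructed sample shaped like a certificate list response (not real data).
SAMPLE = {"results": [
    {"id": "cert-aaa", "display_name": "tomcat",
     "used_by": [{"node_id": "node-1", "service_types": ["API"]}],
     "details": [{"not_after": 1700000000000}]},
    {"id": "cert-bbb", "display_name": "mp-cluster",
     "used_by": [{"node_id": "node-1", "service_types": ["MGMT_CLUSTER"]}],
     "details": [{"not_after": 1900000000000}]},
    {"id": "cert-ccc", "display_name": "unused-old",
     "used_by": [], "details": [{"not_after": 1600000000000}]},
]}

def validate_url(manager, cert_id):
    """URL of the validation call given in step 1."""
    return (f"https://{manager}/api/v1/trust-management/"
            f"certificates/{cert_id}?action=validate")

def triage(cert_list, now, warn_days=30):
    """Return (cert id, service, state, days left) for watched certificates."""
    findings = []
    for cert in cert_list.get("results", []):
        services = {s for u in cert.get("used_by", [])
                    for s in u.get("service_types", [])} & WATCHED
        if not services or not cert.get("details"):
            continue  # not bound to API/MGMT_CLUSTER, or no parsed details
        # Assumption: one details entry per chain member; use earliest expiry.
        not_after_ms = min(d["not_after"] for d in cert["details"])
        expiry = datetime.fromtimestamp(not_after_ms / 1000, tz=timezone.utc)
        days_left = (expiry - now).days
        state = ("EXPIRED" if days_left < 0
                 else "EXPIRING" if days_left <= warn_days else "OK")
        for svc in sorted(services):
            findings.append((cert["id"], svc, state, days_left))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 6, 27, tzinfo=timezone.utc)
    for cert_id, svc, state, days in triage(SAMPLE, now):
        print(f"{state:8} {svc:12} {cert_id} ({days} days)")
        if state != "OK":
            print("  validate:", validate_url("<nsx-mgr>", cert_id))
```

Certificates not bound to either service are skipped, so an old unused certificate in the store does not raise a false alarm.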

Additional Information

To self-sign the CSRs, refer to the Create a Self-Signed Certificate Techdoc.

Reference article with a similar error but different cause and resolution: KB367853