CA Signed service certificate not usable for L7 LB in NSX-T Manager UI

search cancel

CA Signed service certificate not usable for L7 LB in NSX-T Manager UI

book

Article ID: 370271

calendar_today

Updated On:

Products

VMware NSX VMware NSX-T Data Center

Issue/Introduction

CA signed certs are not getting listed for LB configured from Manager mode, but the same certificate will be populated in Policy mode.

Environment

VMware NSX-T Data Center

Cause

The search query NSX Manager makes is not able to fetch the available certificate.

Resolution

Issue is resolved in 3.2.3, 4.1.0 and later versions.

Workaround:

Attempt to replace certificate via API.

PUT https://manager-ip/api/v1/loadbalancer/virtual-servers/<vs-id>

If incase, the API fails with error, "BAD REQUEST, Invalid Certificate ID" below steps to be carried out.

To get certificate ID using below search API.

GET https://<manager-ip>/api/v1/search?query=display_name:** AND ( resource_type:certificate_self_signed OR resource_type:certificate_ca OR resource_type:certificate_signed )

Apply the same to LB VS:

PUT https://manager-ip/api/v1/loadbalancer/virtual-servers/<vs-id>

Certificate replacement is expected to be successful with response status code 200 OK.

Additional Information

If the above resolution doesn't helps to overcome with the issue, please open a support request with Broadcom support to validate further.

Feedback

thumb_up Yes

thumb_down No