CA Signed service certificate not usable for L7 LB in NSX-T Manager UI
search cancel

CA Signed service certificate not usable for L7 LB in NSX-T Manager UI

book

Article ID: 370271

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

CA signed certs are not getting listed for LB configured from Manager mode, but the same certificate will be populated in Policy mode.

Environment

Issue reported in VMware NSX Environment running versions: 3.2.1 and 3.2.2

Cause

The search query NSX Manager makes is not able to fetch the available certificate.

Resolution

Issue is resolved in 3.2.3, 4.1.0 and later.

As a workaround, attempt to replace certificate via API.

 

PUT https://manager-ip/api/v1/loadbalancer/virtual-servers/<vs-id>

If incase, the API fails with error, "BAD REQUEST, Invalid Certificate ID" below steps to be carried out.

 

-- To get certificate ID using below search API.

GET https://<manager-ip>/api/v1/search?query=display_name:** AND ( resource_type:certificate_self_signed OR resource_type:certificate_ca OR resource_type:certificate_signed )

 

-- Apply the same to LB VS:

PUT https://manager-ip/api/v1/loadbalancer/virtual-servers/<vs-id>

Certificate replacement is expected to be successful with response status code 200 OK.

 

Additional Information

If the above resolution doesn't helps to overcome with the issue, please open a support request with Broadcom support to validate further.

Powered by Wolken Software