When attempting to upgrade the NSX Edges, you see the messages similar to the following:

'Download and verify bundle failed with msg: Closing connection 0'.

In the upgrade logs from the UI,

Prepare edge upgrade bundle <url>.nub failed on edge TransportNode <nodeID>: clientType EDGE , target edge fabric node id <nodeID>, return status Download and verify bundle failed with msg: Closing connection 0 .

or

The certificate with id <UUID> failed to parse with error: null. Please delete (if unused) or replace this certificate prior to upgrading

In the Edge Node var/syslog log file,

Error downloading nub '<url>.nub', output msg: , error msg: *   Trying (with httplib) <managerfqdn>:443...#012* certificate verification from <managerfqdn>:443 failed: Certificate <certificate details> does not use supported signature algorithm.#012* Closing connection 0#012curl_wrapper: (53) <certificate details> does not use supported signature algorithm.#012

VMware NSX

The syslog messages confirm that the chosen certificate is using an unsupported signature algorithm. This requirement applies to all the certificates in the chain (leaf, intermediate and root). Unsupported algorithms include SHA1 and PSS.

NSX manager tomcat certificate has expired

Check all the certificates within the chain to identify the certificate with the unsupported signature algorithm.

Generate a new certificate using one of the supported encryption algorithms documented here Create a Certificate Signing Request File

Apply the new certificate after the root CA sends the new certificate.

Retry the upgrade.

Replace Certificates