Prepare NSX Edge Upgrade Bundle Failed due to certificate error
search cancel

Prepare NSX Edge Upgrade Bundle Failed due to certificate error

book

Article ID: 371650

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

When attempting to upgrade the NSX Edges, you see the messages similar to the following:

In the upgrade logs from the UI,

Prepare edge upgrade bundle <url>.nub failed on edge TransportNode <nodeID>: clientType EDGE , target edge fabric node id <nodeID>, return status Download and verify bundle failed with msg: Closing connection 0 .

or

The certificate with id <UUID> failed to parse with error: null. Please delete (if unused) or replace this certificate prior to upgrading

In the Edge Node var/syslog log file,

Error downloading nub '<url>.nub', output msg: , error msg: *   Trying (with httplib) <managerfqdn>:443...#012* certificate verification from <managerfqdn>:443 failed: Certificate <certificate details> does not use supported signature algorithm.#012* Closing connection 0#012curl_wrapper: (53) <certificate details> does not use supported signature algorithm.#012

Cause

The syslog messages confirm that the chosen certificate is using an unsupported signature algorithm. This requirement applies to all the certificates in the chain (leaf, intermediate and root). Unsupported algorithms included SHA1 and PSS.

Resolution

Check all the certificates within the chain to identify the certificate with the unsupported signature algorithm.

Generate a new certificate using one of the supported encryption algorithms documented here Create a Certificate Signing Request File

Apply the new certificate after the root CA sends the new certificate.

Retry the upgrade.

Additional Information