Unable to add certificates to an IPSec VPN Tunnel on an NSX-T Edge Gateway in the VMware Cloud Director Provider Portal
Article ID: 374411

Products

VMware Cloud Director

Issue/Introduction

  • You cannot add a server or CA certificate when using certificate authentication mode during the Add IPSec VPN Tunnel workflow for an Edge Gateway in VMware Cloud Director (VCD).
  • When you click the Select button to add a certificate on the Peer Authentication Mode step of the workflow, the Use VMware Cloud Director Certificate window does not show the desired certificate.

Environment

VMware Cloud Director 10.x

Cause

This issue occurs when the server and CA certificates have been uploaded to a Certificates Library other than the one belonging to the Organization the Edge Gateway is scoped to (for example, the provider-level library). The certificate picker in the Add IPSec VPN Tunnel workflow only lists certificates from the Edge Gateway's own Organization, so certificates imported elsewhere do not appear.

Resolution

To resolve this issue, upload the server and CA certificates to the Certificates Library for the Organization of the Edge Gateway.

  1. Log into the Cloud Director UI as a System Administrator user.
  2. Select the Organization where the Edge Gateway exists and click Open in tenant portal.
  3. In the Tenant Portal view, click Administration at the top of the window.
  4. In the sidebar click Certificates Library.
  5. Click Import and add the server and CA certificates one at a time.

    Note: For a certificate to be used as a CA certificate, it must be uploaded without a private key. When importing a CA certificate, skip the Upload Private Key step of the Import Certificate workflow. The server certificate, by contrast, must be imported together with its private key, since it identifies the local side of the tunnel. If the CA chain contains an intermediate and a root certificate, import each one as its own entry.

  6. Return to the IPSec VPN view of the Edge Gateway and attempt to add the IPSec VPN Tunnel again.
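The same import can be scripted against the Cloud Director CloudAPI so the certificates land in the correct Organization every time. The following is an added example and is not VMware's own code or tooling: it splits a PEM bundle into its blocks, builds one Certificates Library entry for the server certificate (with its private key) and one key-less entry per CA certificate, and scopes every request to the Edge Gateway's Organization with the tenant-context header. The endpoint path `/cloudapi/1.0.0/ssl/certificateLibrary`, the header name `X-VMWARE-VCLOUD-TENANT-CONTEXT`, the API version in the `Accept` header and the format of the Organization identifier are assumptions about the CloudAPI that you should verify against the API reference for your VCD release; the PEM blocks embedded below are constructed placeholders, not real certificates.

```python
"""Import IPSec VPN certificates into the Certificates Library of the
Organization that owns the Edge Gateway, via the VCD CloudAPI.
Added example; not VMware's own code.  Endpoint paths, header names and
the API version are assumptions to be checked against your VCD release."""
import json
import re
import urllib.request

CERT_LIBRARY_PATH = "/cloudapi/1.0.0/ssl/certificateLibrary"   # assumed path
TENANT_HEADER = "X-VMWARE-VCLOUD-TENANT-CONTEXT"                # assumed header
API_VERSION = "37.0"                                            # assumed; VCD 10.4

# One PEM block: "-----BEGIN X-----" ... "-----END X-----" with matching labels.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)

# Constructed placeholders so the example runs offline; not real key material.
SERVER_CERT = "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
SERVER_KEY = "-----BEGIN PRIVATE KEY-----\nMIIE...constructed...\n-----END PRIVATE KEY-----\n"
CA_BUNDLE = ("-----BEGIN CERTIFICATE-----\nMIIC...intermediate...\n-----END CERTIFICATE-----\n"
             "-----BEGIN CERTIFICATE-----\nMIID...root...\n-----END CERTIFICATE-----\n")


def split_pem(pem_text):
    """Return (label, block) pairs for every PEM block in the text."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(pem_text)]


def build_import_payloads(server_pem, server_key_pem, ca_bundle_pem, alias_prefix):
    """Build one Certificates Library entry per certificate.

    The server certificate is paired with its private key.  Each CA
    certificate is emitted WITHOUT a key: VCD treats key-less entries as CA
    certificates in the IPSec VPN workflow, so a key here is a hard error.
    """
    certs = [b for label, b in split_pem(server_pem) if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError("server_pem must contain exactly one CERTIFICATE block")
    keys = [b for label, b in split_pem(server_key_pem) if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        raise ValueError("server_key_pem must contain exactly one PRIVATE KEY block")
    ca_blocks = split_pem(ca_bundle_pem)
    if any(label.endswith("PRIVATE KEY") for label, _ in ca_blocks):
        raise ValueError("CA bundle must not contain a private key")

    payloads = [{
        "alias": f"{alias_prefix}-server",
        "certificate": certs[0],
        "privateKey": keys[0],
        "description": "IPSec VPN server certificate",
    }]
    ca_index = 0
    for label, block in ca_blocks:
        if label != "CERTIFICATE":
            continue                      # ignore stray non-certificate blocks
        payloads.append({
            "alias": f"{alias_prefix}-ca-{ca_index}",
            "certificate": block,         # no privateKey: imported as a CA cert
            "description": "IPSec VPN CA certificate",
        })
        ca_index += 1
    return payloads


def import_requests(base_url, token, org_id, payloads):
    """Return (url, headers, body) for each POST.  The tenant-context header
    scopes the entry to the Edge Gateway's Organization, which is the fix
    this article describes; org_id format is an assumption (check the API)."""
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": f"application/json;version={API_VERSION}",
        "Content-Type": "application/json",
        TENANT_HEADER: org_id,
    }
    return [(base_url + CERT_LIBRARY_PATH, dict(headers), json.dumps(p))
            for p in payloads]


def send(requests_to_send):
    """POST each prepared request (network access required)."""
    for url, headers, body in requests_to_send:
        req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
        with urllib.request.urlopen(req) as resp:
            print(resp.status, headers[TENANT_HEADER], json.loads(body)["alias"])


if __name__ == "__main__":
    # Obtain the bearer token from a provider session first; org_id is the
    # Organization that owns the Edge Gateway, not the System organization.
    reqs = import_requests("https://vcd.example.com", "TOKEN", "ORG-ID",
                           build_import_payloads(SERVER_CERT, SERVER_KEY, CA_BUNDLE, "vpn"))
    for url, hdrs, body in reqs:
        print(url, hdrs[TENANT_HEADER], json.loads(body)["alias"])
```

After the three POSTs succeed, the certificates appear in the Organization's Certificates Library and are selectable in the Use VMware Cloud Director Certificate window of the Add IPSec VPN Tunnel workflow. Importing without the tenant-context header (or with the System organization's identifier) reproduces the symptom in this article, because the entries then belong to the provider-level library.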

Additional Information

For more information about adding an IPSec VPN Tunnel to an Edge Gateway in VMware Cloud Director, see Configure NSX Policy-Based IPSec VPN in the VMware Cloud Director Service Provider Admin Portal.