curl -k -u 'admin:[PASSWORD]' -X POST 'https://[NSX MANAGER]/api/v1/trust-management/certificates/[CERT UUID]?action=apply_certificate&service_type=API&node_id=[NODE_UUID]'
{
"httpStatus" : "BAD_REQUEST",
"error_code" : 2078,
"module_name" : "internal-framework",
"error_message" : "Some error has occurred."
}
/var/log/syslog
[TIMESTAMP] [NSX MANAGER] NSX SYSTEM [nsx@6876 comp="nsx-manager" errorCode="MP2078" level="ERROR" reqId="[REQ UUID]" subcomp="manager" username="admin"] Invalid Certificate - ERROR: Certificate CN=[CN],OU=[OU],O=[O],C=[C] does not have a supported algorithm or key-size
openssl x509 -in cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
[SERIAL NO.]
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = [C], O = [O], OU = [OU], organizationIdentifier = [OI], CN = [CN]
Validity
Not Before: [TIMESTAMP]
Not After : [TIMESTAMP]
Subject: C = [C], O = [O], OU = [OU], organizationIdentifier = [OI], CN = [CN]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4095 bit) <<<<<<<
VMware NSX-T Data Center 3.2.x
VMware NSX 4.x
A key length of 4095 is supported from VMware NSX 4.1.2.4.
Workaround:
Use a supported key length. The following API call returns the supported key lengths.
curl -k -u admin "https://[NSX MANAGER]/api/v1/trust-management"
{
"supported_algorithms" : [ {
"name" : "RSA",
"key_size" : [ 2048, 3072, 4096 ]
}, {
"name" : "EC",
"key_size" : [ 256, 384, 521 ]
} ]