NSX UI/API certificate is not in use on an NSX manager node
Article ID: 377471
Updated On:
Products
VMware NSX
Issue/Introduction
- When viewing the System > Settings > Certificates page, you see that one of the API/UI certificates has a value of
0in the Where Used column.
Note: You can identify the API/UI certificates as they are named similar to tomcat certificate for node <NSX manager node name> or API certificate for node <NSX manager node name>. - When you query the
https://<NSX manager IP>/api/v1/trust-management/certificates/<certificate ID>API, you see that theused_byfield is blank.
Note: You can obtain the<certificate ID>value in the NSX UI by expanding the affected certificate on the System > Settings > Certificates page. - The NSX manager node that should be listed in the Where Used column for the certificate is not listed in the Where Used column for any other API/UI certificate.
- If you access the NSX manager node via a web browser, you see that the expected certificate is present.
Environment
VMware NSX-T Data Center 3.x
VMware NSX 4.x
Resolution
Use the instructions noted at Replace Certificates Through API to reassociate the certificate to the appropriate NSX manager node. Since the certificate is an API/UI certificate, the API call would look similar to the following:
POST https://<NSX manager IP>/api/v1/trust-management/certificates/<certificate ID>?action=apply_certificate&service_type=API&node_id=<NSX manager node ID>
Note: You can obtain the <NSX manager node ID> value by clicking the View Details link under the appropriate NSX manager appliance on the System > Configuration > Appliances page.
Additional Information
Feedback
Yes
No
Powered by
