NSX UI/API certificate is not in use on an NSX manager node
Article ID: 377471
Updated On:
Products
VMware NSX
Issue/Introduction
- When viewing the System > Settings > Certificates page, you see that one of the API/UI certificates has a value of
0in the Where Used column.
Note: You can identify the API/UI certificates as they are named similar to tomcat certificate for node <NSX manager node name> or API certificate for node <NSX manager node name>. - When you query the
https://<NSX manager IP>/api/v1/trust-management/certificates/<certificate ID>API, you see that theused_byfield is blank.Note: You can obtain the<certificate ID>value in the NSX UI by expanding the affected certificate on the System > Settings > Certificates page. - The NSX manager node that should be listed in the Where Used column for the certificate is not listed in the Where Used column for any other API/UI certificate.
- If you access the NSX manager node via a web browser, you see that the expected certificate is present.
Environment
VMware NSX-T Data Center
VMware NSX
Resolution
Use the instructions noted at Replace Certificates Through API to reassociate the certificate to the appropriate NSX manager node. Since the certificate is an API/UI certificate, the API call would look similar to the following:
POSThttps://<NSX manager IP>/api/v1/trust-management/certificates/<certificate ID>?action=apply_certificate&service_type=API&node_id=<NSX manager node ID>
Note: You can obtain the <NSX manager node ID> value by clicking the View Details link under the appropriate NSX manager appliance on the System > Configuration > Appliances page.
Additional Information
Feedback
Yes
No
Powered by
