NSX UI/API certificate is not in use on an NSX manager node

Article ID: 377471

Products

VMware NSX

Issue/Introduction

  • When viewing the System > Settings > Certificates page, you see that one of the API/UI certificates has a value of 0 in the Where Used column.
    Note: You can identify the API/UI certificates as they are named similar to tomcat certificate for node <NSX manager node name> or API certificate for node <NSX manager node name>.
  • When you query the https://<NSX manager IP>/api/v1/trust-management/certificates/<certificate ID> API, you see that the used_by field is blank.
    Note: You can obtain the <certificate ID> value in the NSX UI by expanding the affected certificate on the System > Settings > Certificates page.
  • The NSX manager node that should be listed in the Where Used column for the certificate is not listed in the Where Used column for any other API/UI certificate.
  • If you access the NSX manager node via a web browser, you see that the expected certificate is present.

Environment

VMware NSX-T Data Center 

VMware NSX

 

Resolution

Follow the instructions in Replace Certificates Through API to reassociate the certificate with the appropriate NSX manager node. Because the certificate is an API/UI certificate, the API call looks similar to the following:

POST https://<NSX manager IP>/api/v1/trust-management/certificates/<certificate ID>?action=apply_certificate&service_type=API&node_id=<NSX manager node ID>

Note: You can obtain the <NSX manager node ID> value by clicking the View Details link under the appropriate NSX manager appliance on the System > Configuration > Appliances page.
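
The check and the call above can be scripted. The following is an added example, not part of the original article or of VMware's tooling: it flags API/UI certificates whose used_by is blank, lists the nodes that already have an API certificate, and builds the apply_certificate URL. The sample listing, its IDs and node names, the used_by entry layout (node_id, service_types), the name-prefix match and the function names are assumptions.

```python
import json
import re
from urllib.parse import urlencode

# Constructed sample of a certificate listing; IDs and node names are made up.
# Assumption: each used_by entry carries node_id and service_types.
SAMPLE = json.loads("""
{"results": [
 {"id": "11111111-1111-4111-8111-111111111111",
  "display_name": "API certificate for node nsx-mgr-01",
  "used_by": [{"node_id": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
               "service_types": ["API"]}]},
 {"id": "22222222-2222-4222-8222-222222222222",
  "display_name": "tomcat certificate for node nsx-mgr-02",
  "used_by": []},
 {"id": "33333333-3333-4333-8333-333333333333",
  "display_name": "API certificate for node nsx-mgr-03"}
]}
""")

NAME_PREFIXES = ("tomcat certificate for node", "api certificate for node")
ID_RE = re.compile(r"[0-9A-Za-z-]+")  # assumption: IDs are letters, digits, hyphens


def unused_api_certs(listing):
    """IDs of certificates named like API/UI certs with a blank or missing used_by."""
    return [c["id"] for c in listing.get("results", [])
            if c.get("display_name", "").lower().startswith(NAME_PREFIXES)
            and not c.get("used_by")]


def nodes_with_api_cert(listing):
    """Node IDs that some certificate lists under used_by for the API service."""
    return {u["node_id"] for c in listing.get("results", [])
            for u in c.get("used_by") or []
            if "API" in u.get("service_types", [])}


def apply_url(manager, cert_id, node_id):
    """Build the apply_certificate URL; reject IDs that could alter the path or query."""
    for value in (cert_id, node_id):
        if not ID_RE.fullmatch(value):
            raise ValueError(f"unexpected characters in ID: {value!r}")
    query = urlencode({"action": "apply_certificate",
                       "service_type": "API", "node_id": node_id})
    return f"https://{manager}/api/v1/trust-management/certificates/{cert_id}?{query}"


if __name__ == "__main__":
    print("unused API/UI certificates:", unused_api_certs(SAMPLE))
    print("nodes with an API certificate:", sorted(nodes_with_api_cert(SAMPLE)))
```

A manager node whose ID is absent from nodes_with_api_cert while a certificate named for it appears in unused_api_certs matches the symptoms listed under Issue/Introduction.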

Additional Information