When importing an Intermediate/CA certificate the NSX-ALB controller freezes up, and results in a "Service Timeout" error.
search cancel

When importing an Intermediate/CA certificate the NSX-ALB controller freezes up, and results in a "Service Timeout" error.

book

Article ID: 377870

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

When an Intermediate/CA certificate is imported to a controller via the GUI it fails with "service timeout"

Environment

Affects Versions: 21.1.x, 22.1.x, 30.1.x, 30.2.x

Cause

This is a known issue with controller system with a high number of certificate objects (in the hundreds).  The current design involves updating all certificate chains for every certificate upload/import to the controller.  When controller has a high number of certificates (in the hundreds) the default POST /api/sslkeyandcertificate API timeout is not sufficient for the updating chaining certificate operation leading to the service timeout.  The GUI displays a timeout error, however the functionality is working correctly in the background and after some time the certificate is imported and populates in the GUI.    

Resolution

This area with certificate management will be redesigned in the GA release of version 31.x.x which will address this service timeout issue. 

Workaround(s):

Import the certificate via CLI

configure sslkeyandcertificate <name>
certificate
certificate --
Paste the body of the cert abd enter
type and enter - END
save
save

Import the certificate via API with a client where you can set the request timeout to "0" 

POST /api/sslkeyandcertificate

Body:

{
  "certificate": {
    "certificate": "-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"
  },
  "type": "SSL_CERTIFICATE_TYPE_CA",
  "name": "CERT_NAME"
}

***NOTE: please add \n characters in each line of the certificate. 

Postman request timeout setting:

 

Powered by Wolken Software