Security Intelligence notification on recommendation page "No trusted certificate found executing POST"


Article ID: 378216


Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

The Recommendations process works, but recommendations cannot be viewed for any scoped group. The following error is shown:

"No trusted certificate found executing POST https://external-nsx-manager:443/policy/api/v1/batch?atomic=true"

The CA was missing from the keystore/truststore, and the project-contour logs also suggested something similar.

project-contour logs

"2024-08-28T15:11:01Z\" level=error msg=\"can't use zero-length ca.crt value\" context=KubernetesCache kind=Secret name=recommendation-truststore namespace=nsxi-platform version=v1","kubernetes":{"pod_name":"projectcontour-contour-78cf584c66-nxblb","namespace_name":"projectcontour"

trust manager logs

c.v.n.k.t.s.i.TrustManagerServiceImpl\u001b[m: INTELLIGENCE [nsx@6876 comp=\"trust-manager\" level=\"INFO\" subcomp=\"trust-manager-core\"] UUID: 3dfc8599-9de7-4c48-98f7-6bd1fdb88f83 for new certificateData with EntityType: NSX_UA_NODE
c.v.n.k.t.s.i.TrustManagerServiceImpl\u001b[m: INTELLIGENCE [nsx@6876 comp=\"trust-manager\" level=\"INFO\" subcomp=\"trust-manager-core\"] certificate data is empty

contour logs

can't use zero-length ca.crt value
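The "zero-length ca.crt" condition reported above can be confirmed from a dump of the Secret itself. The following is an added example, not Broadcom tooling or part of the original article: it assumes the Secret was saved with `kubectl get secret <name> -n <namespace> -o json`, the names `check_ca_bundle` and `sample_secret` are hypothetical, and the sample data is constructed. It is a structural check only and does not validate the certificate chain.

```python
import base64
import binascii
import json
import re

# Matches one PEM certificate block and captures its base64 body.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----"
)


def check_ca_bundle(secret_json, key="ca.crt"):
    """Classify the CA bundle of a Secret dumped as JSON.

    Returns (status, pem_block_count). No X.509 parsing is attempted.
    """
    data = json.loads(secret_json).get("data") or {}
    if key not in data:
        return ("missing-key", 0)
    try:
        raw = base64.b64decode(data[key] or "", validate=True)
    except binascii.Error:
        return ("bad-base64", 0)
    if not raw.strip():
        # The state contour logs as "can't use zero-length ca.crt value".
        return ("zero-length", 0)
    blocks = 0
    for body in PEM_CERT.findall(raw.decode("ascii", errors="replace")):
        try:
            base64.b64decode("".join(body.split()), validate=True)
            blocks += 1
        except binascii.Error:
            return ("corrupt-pem", blocks)
    return ("ok", blocks) if blocks else ("no-pem", 0)


def sample_secret(ca_bytes):
    # Constructed sample input shaped like kubectl's JSON output.
    meta = {"name": "recommendation-truststore", "namespace": "nsxi-platform"}
    data = {"ca.crt": base64.b64encode(ca_bytes).decode()}
    return json.dumps({"kind": "Secret", "metadata": meta, "data": data})


# Constructed placeholder body, not a real certificate.
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
            + base64.b64encode(b"constructed placeholder DER bytes")
            + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for label, blob in [("empty", b""), ("populated", FAKE_PEM * 2)]:
        print(label, check_ca_bundle(sample_secret(blob)))
```

A `zero-length` or `missing-key` result for the truststore Secret matches the symptom in the contour log; `ok` with a block count only shows that the bundle is populated, not that it contains the right CA.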

Cause

The truststore-reload-controller threads stopped generating logs in the trust-manager log file. As a result, when the manager certificates were updated, they were updated in the DB but the changes were not reflected in the various truststores.

Resolution

We recommend reaching out to the Broadcom Support team for further assistance.