NSX Application Platform Automation Appliance deployment wizard fails with an Error message when attempting to input a Harbor certificate,
search cancel

NSX Application Platform Automation Appliance deployment wizard fails with an Error message when attempting to input a Harbor certificate,

book

Article ID: 378539

calendar_today

Updated On:

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

NSX Application Platform Automation Appliance deployment wizard fails with an Error message when attempting to input a Harbor certificate,

Error Importing multiple CA certificate without leaf certificate is not allowed (Error code 2024) 

Environment

NAPP 4.2

Cause

NSX Application Platform Automation Appliance deployment wizard is expecting a leaf certificate (a certificate that is issued by a trusted Certificate Authority) and is not allowing the import of multiple CA certificates without a leaf certificate.

Resolution

To resolve this issue, push the server.crt first and then the harbor_ca.crt files to the NSX Application Platform Automation Appliance deployment wizard in a single attempt. 

This will allow the wizard to import the leaf certificate and the CA certificate correctly, resolving the error.

Additional Information

SSH to Harbor and retrieve the certificate, which is named server.crt and harbor_ca.crt in the /storage/certs directory.

 

root@harborselfsigned [ ~ ]# cd /storage/certs/
root@harborselfsigned [ /storage/certs ]# ls -al
total 36
drwxr-xr-x 2 root root 4096 Oct 19 15:21 .
drwxr-xr-x 6 root root 4096 Oct 19 15:21 ..
-rw-r--r-- 1 root root 50 Oct 19 15:21 extfile.cnf
-rw-r--r-- 1 root root 1972 Oct 19 15:21 harbor_ca.crt
-rw------- 1 root root 3272 Oct 19 15:21 harbor_ca.key
-rw-r--r-- 1 root root 41 Oct 19 15:21 harbor_ca.srl
-rw-r--r-- 1 root root 1691 Oct 19 15:21 harbor.corp.info.csr
-rw-r--r-- 1 root root 2025 Oct 19 15:21 server.crt
-rw------- 1 root root 3272 Oct 19 15:21 server.key