Deploying a NSX Manager node fails with error: certificate validation failed "no alternative certificate subject name matches target host name".
search cancel

Deploying a NSX Manager node fails with error: certificate validation failed "no alternative certificate subject name matches target host name".

book

Article ID: 378849

calendar_today

Updated On:

Products

VMware NSX VMware NSX-T Data Center

Issue/Introduction

  • When deploying a NSX Manager node you receive the error: OVF certificate validation failed. Error: Error while fetching ovf file. er: (51) SSL: no alternative certificate subject name matches target host name
  • In the NSX Manager logs, you may see the follow entry in the log file /var/log/proton/nsxapi.log

[YYYY-MM-DDTHH:MM:SS]  INFO ActivityWorkerPool-1-19 OvfOperator 85672 FABRIC [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Error occurred :: com.vmware.nsx.management.ovfops.exception.CertificateManifestValidationError: OVF certificate validation failed. Error: Error while fetching ovf file. er: (51) SSL: no alternative certificate subject name matches target host name '<FDQN>'

Environment

VMware NSX 

VMWare NSX-T

Cause

The certificate common name (or Subject Alternative Name) applied to the node(s) is incorrect or may not be assigned to the specified FQDN of the Manager node(s).

Resolution

Correct the certificate so that the common name matches the FQDN applied to the node or there is a Subject Alternative Name entry with the FQDN.

Additional Information

Powered by Wolken Software