This article provides guidance on replacing expired or outdated Local Manager (LM) certificates in NSX 3.x. The process includes removing an expired certificate and assigning a new one.
Issue: Unable to remove expired LM certificate, and encountering the error message:
VMware NSX 3.x
The expected certificate profile for LOCAL_MANAGER
may not be created or configured on the NSX-T Manager. This can happen if the setup process was incomplete or if the profiles were deleted or not assigned correctly.
To replace the expired Local Manager certificate in NSX 3.x, follow these steps:
Open Postman API Client
Set Up API Request in Postman
<nsx-mgr>
with your NSX-T Manager server’s IP or hostname in the URL below:
POST
Basic Auth
and enter your NSX-T Manager login credentials.Content-Type
to application/json
.raw
format.JSON
.<id>
with the new certificate ID:
Send
to apply the new certificate.Verify the New Certificate Assignment
Check Certificate Usage (for Earlier NSX-T Versions)
"used_by": []
in the response, which indicates that the certificate is not in use.Delete the Old Certificate
For further information, refer to VMware’s official documentation on replacing certificates in NSX-T: VMware NSX-T Certificate Replacement Documentation.