Error: "I/O error on GET request for "https://<NSX_MANAGER_ADDRESS>:443/policy/api/v1/infra" and "validity check failed - NotAfter: <DATE>" when attempting to use networking and security services
search cancel

Error: "I/O error on GET request for "https://<NSX_MANAGER_ADDRESS>:443/policy/api/v1/infra" and "validity check failed - NotAfter: <DATE>" when attempting to use networking and security services

book

Article ID: 383916

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Cloud Director users cannot access network and security services in the Tenant portal.
  • Firewall rules are not shown when navigating to Networking > Edge Gateways > Edge Name > Services > Firewall.
  • An error is shown in the Cloud Director UI of the form:

I/O error on GET request for "https://<NSX_MANAGER_ADDRESS>:443/policy/api/v1/infra
PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed - validity check failed - NotAfter: <DATE>

Environment

  • VMware Cloud Director 10.6.x
  • VMware Cloud Director 10.5.x
  • VMware NSX

Cause

This issue occurs if the certificate on the NSX Manager has expired.
Cloud Director provides networking and security services via the registered NSX Managers which must have a valid certificate for Cloud Director to be able to connect to the NSX API.

Resolution

To resolve this issue, ensure the NSX Managers to which Cloud Director connects have valid certificates that have not expired and contain valid SAN entries.
See the NSX documentation for more details on replacing the NSX Manager certificates, Replacing Certificates.

Once the NSX Manager certificate has been updated and is valid please update the NSX Manager registration in Cloud Director and trust the new certificate in Cloud Director if required, Register an NSX-T Manager Instance withVMware Cloud Director.
Example steps would be as follows:

  1. Log into the Cloud Director Provider portal as a System Administrator.
  2. Navigate to Infrastructure Resources > NSX-T > NSX-T Managers and click on the NSX Manager in question.
  3. Click EDIT to open the NSX Manager details.
  4. Click SAVE to have Cloud Director verify the connection settings and trust the new NSX Manager certificate if prompted.
  5. Confirm that the issue is resolved and access to NSX networking and security services through the Cloud Director UI are now available.