NSX - NSX Principal Identity Certificates continue to work after expiry

Article ID: 384506

Products

VMware NSX

Issue/Introduction

  • On NSX 4.1.x, a Principal Identity associated with a certificate still authenticates successfully after the certificate expires
  • On NSX 4.1.x, alarms may indicate that the Principal Identity certificate has expired
  • On NSX 4.2.x, Principal Identity connections that worked on 4.1.x may no longer work

Environment

NSX 4.1.x

Cause

NSX 4.1 introduced Envoy as the reverse proxy. As part of that change, certificate expiry validation had an implementation issue, so an expired Principal Identity certificate continued to authenticate. The impact is typically observed after upgrading to NSX 4.2.x, where certificate expiry validation is correctly implemented and connections that rely on an expired certificate may no longer work.
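A pre-upgrade check for the situation described above, as an added example that is not Broadcom's code: it joins an exported inventory of Principal Identities to their certificates and flags any that are expired or close to expiry, since those are the connections that stop working once expiry is enforced. The field names (`name`, `certificate_id`, `id`, `details`, `not_after` in epoch milliseconds) and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

def _ms(y, m, d):
    """Epoch milliseconds for a UTC date (builds the constructed sample below)."""
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp() * 1000)

# Constructed sample inventory; field names are assumptions, not taken from this article.
SAMPLE_IDENTITIES = [
    {"name": "backup-svc", "certificate_id": "cert-a"},
    {"name": "automation", "certificate_id": "cert-b"},
    {"name": "monitoring", "certificate_id": "cert-c"},
    {"name": "orphaned", "certificate_id": "cert-z"},
]
SAMPLE_CERTIFICATES = [
    {"id": "cert-a", "details": [{"not_after": _ms(2024, 6, 1)}]},
    {"id": "cert-b", "details": [{"not_after": _ms(2025, 2, 1)}]},
    # Chain of two certificates: the earliest expiry decides the result.
    {"id": "cert-c", "details": [{"not_after": _ms(2027, 1, 1)},
                                 {"not_after": _ms(2030, 1, 1)}]},
]

def audit(identities, certificates, now, warn_days=30):
    """Return (identity name, certificate id, status) for every identity."""
    by_id = {c["id"]: c for c in certificates}
    findings = []
    for pi in identities:
        cert_id = pi.get("certificate_id")
        cert = by_id.get(cert_id)
        if cert is None or not cert.get("details"):
            # Identity points at a certificate that is not in the inventory.
            findings.append((pi["name"], cert_id, "MISSING"))
            continue
        not_after_ms = min(d["not_after"] for d in cert["details"])
        expires = datetime.fromtimestamp(not_after_ms / 1000, tz=timezone.utc)
        days_left = (expires - now).total_seconds() / 86400
        if days_left < 0:
            status = "EXPIRED"      # authenticates on 4.1.x, expected to fail on 4.2.x
        elif days_left < warn_days:
            status = "EXPIRING"     # replace before or shortly after the upgrade
        else:
            status = "OK"
        findings.append((pi["name"], cert_id, status))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for row in audit(SAMPLE_IDENTITIES, SAMPLE_CERTIFICATES, now):
        print(*row, sep="\t")
```
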

Resolution

This issue is resolved in VMware NSX 4.2.0 available at Broadcom Downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.