VMWare NSX
This a known issue impacting the NSX due to an incomplete search filter when listing certificates in the Load-Balancing > Virtual Servers > LB Profiles configuration wizard, which can skip some certificates if they are externally signed.
To work around this issue, use the REST API to assign the desired certificate to the Virtual Server:
GET https://<nsx-mgr>/api/v1/loadbalancer/virtual-servers
to identify the UUID of the VS to editGET https://<nsx-mgr>/api/v1/loadbalancer/server-ssl-profiles
or GET https://<nsx-mgr>/api/v1/loadbalancer/client-ssl-profiles
to obtain the ID of a suitable SSL ProfileGET https://<nsx-mgr>/api/v1/loadbalancer/virtual-servers/<UUID>
to obtain the description record for this VS"client_ssl_profile_binding": {
"certificate_chain_depth": 3,
"client_auth": "IGNORE",
"default_certificate_id": "<cert UUID>",
"ssl_profile_id": "<ssl profile UUID>"
},
"server_ssl_profile_binding": {
"certificate_chain_depth": 3,
"server_auth": "IGNORE",
"ssl_profile_id": "<ssl profile UUID>"
}
,"server_ssl_profile_binding": {
"certificate_chain_depth": 3,
"server_auth": "IGNORE",
"default_certificate_id": "<cert UUID>",
"ssl_profile_id": "<ssl profile UUID>"
PUT https://<nsx-mgr>/api/v1/loadbalancer/virtual-servers/<UUID>
with the modified JSON block from previous as input, in order to update the VS in NSX