Error ‘I/O error on GET request for "https://<NSX_MANAGER_ADDRESS>:443/policy/api/v1/infra": Certificate doesn't match any of the subject alternative names’ when attempting to use Networking and Security Services
search cancel

Error ‘I/O error on GET request for "https://<NSX_MANAGER_ADDRESS>:443/policy/api/v1/infra": Certificate doesn't match any of the subject alternative names’ when attempting to use Networking and Security Services

book

Article ID: 385510

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Cloud Director users cannot access network and security services in the Tenant portal.
  • In the VMware Cloud Director tenant portal, navigate to: Datacenters > Select the Org VDC > Networking > Edges > Edge Gateways > Edge Name > Services > NAT.
  • An error message is displayed in the Cloud Director UI as follows:

Error: I/O error on GET request for "https://<NSX_MANAGER_ADDRESS>:443/policy/api/v1/infra/": Certificate doesn't match any of the subject alternative names.

  • The "Test Remote Connection" under Provider Portal -> Administration -> Certificate Management -> Trusted Certificates fails with the following error:

Connection could not be established to "NSX_MANAGER_ADDRESS". Certificates have not been trusted.

Environment

  • VMware Cloud Director 10.5.x
  • VMware NSX

Cause

This issue occurs when:

  • The NSX Manager certificate does not include the NSX Managers address (either IP or FQDN) as a Subject Alternative Name (SAN).
  • The NSX Manager hostname does not match the Common Name (CN) in the certificate.

 

Resolution

To resolve this issue, ensure that the NSX Managers, to which the VMware Cloud Director connects, have valid certificates with appropriate SAN entries. For more information on replacing NSX Manager certificates, refer to the NSX documentation on Replacing Certificates.

Once the NSX Manager certificate is updated and valid, follow these steps to update the NSX Manager registration in Cloud Director and trust the new certificate, if required, Register an NSX-T Manager Instance with VMware Cloud Director

Steps:

  1. Log in to the Cloud Director Provider portal as a System Administrator.
  2. Navigate to Infrastructure Resources > NSX-T > NSX-T Managers and click on the relevant NSX Manager.
  3. Click EDIT to open the NSX Manager details.
  4. Click SAVE to allow Cloud Director to verify the connection settings and trust the updated NSX Manager certificate if prompted.
  5. Confirm that the issue is resolved, and access to NSX networking and security services through the Cloud Director UI is restored.