Error "PKIX path validation failed: java.security.cert.CertPathValidatorException" when deleting a OVDC group from Tenant UI
search cancel

Error "PKIX path validation failed: java.security.cert.CertPathValidatorException" when deleting a OVDC group from Tenant UI

book

Article ID: 386002

calendar_today

Updated On: 02-03-2025

Products

VMware Cloud Director

Issue/Introduction

Attempting to delete a OVDC group results in the following error: Tenant UI -> Networking -> Data Center Groups -> OVDC Group

com.vmware.vcloud.api.presentation.service.BadRequestException: Could not disable DFW for entity <VDC_Group Name>.
    at com.vmware.vcloud.networking.model.vdcgroup.nsxt.services.NsxTVdcGroupDfw.deleteDefaultSecurityPolicy(NsxTVdcGroupDfw.java:179)
.....
Caused by: org.springframework.web.client.RestClientException: Error occurred in the backing network provider: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors; nested exception is com.vmware.vapi.client.exception.SslException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Environment

VMware Cloud Director 10.5

VMware Cloud Director 10.6

Cause

This issue occurs if NSX certificate is not trusted by VCD

Resolution

In order to resolve this issue, 
1. Ensure that the associated NSX's certificate is not expired and it is trusted by Cloud Director.
2. Refer to the Trusted Certificates section: Provider UI -> Administration -> Certificate Management -> Trusted Certificates, to verify if the NSX certificate is valid and not expired.
3. If the NSX certificate is expired, renew the same by referring to the document Replace Certificates
4. To trust the updated NSX certificate in Cloud Director, login to the provider portal. Navigate to Resources -> Infrastructure Resources -> NSX-T -> NSX-T Managers. Click on the NSX-T manager -> Edit. Provide the Username and password and save the details. 
5. After providing the credentials and clicking Save, the updated certificate will appear. Accept the certificate and save the connection.