Deploy a new edge failed  from the NSX UI with the following similar message:

NSX API log: (/var/log/proton/nsxapi.log)

"errorMessage=Error occurred during vmdk transfer. javax.net.ssl.SSLHandshakeException CRL check failed: Couldn't find signing principal of the CRL CN=XXX"

NSX CM Inventory log : (/var/log/cm-inventory/cm-inventory.log)

2024-10-16T01:14:47.227Z  INFO Thread-17 CrlWebFetcher 4860 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="cm-inventory"] Fetching CRL from http://crl.xxx.crl
2024-10-16T01:14:47.237Z  WARN Thread-17 CdpCrlChecker 4860 SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="cm-inventory"] No CDP specified in the certificate for CN=xxx

VMware NSX

While syncing the inventory with vCenter, the NSX-T manager makes a call back to a certificate authority (CA) to validate the certificates. In this case, PSC provides the bare minimum functionalities of a CA. Thus we need to disable this call-back function on the NSX-T manager. 

1.Run the API against the NSX Manager to disable the CRL check. 

GET https://{{nsx manager ip}}/policy/api/v1/infra/security-global-config

This returns a few flags in a JSON structure, one of which is called
"crl_checking_enabled": "true".

2. Modify "true" to "false" and use that JSON structure as the body for the API

PUT https://{{nsx manager ip}}/policy/api/v1/infra/security-global-config