'Certificate expired' alarm occurred in NSX UI but not seen in SDDC Manager
Article ID: 389616
Updated On:
Products
VMware NSX
Issue/Introduction
- NSX Manager deployed by VMware Cloud Foundation.
- NSX Manager UI shows alarm of 'Certificate expired'.
- However the alarm does not happen in SDDC Manager UI.
Environment
VMware NSX
VMware Cloud Foundation
Cause
SDDC Manager automatically rotates NSX Manager API certificates. But those old certificates which have been rotated remain in NSX Manager trust store that cause alarms happening.
Resolution
- The alarm has no production impact.
- Use below API request to check if those certificates are being used or not.
GET https://<NSX-Manager-IP-or-FQDN>/api/v1/trust-management/certificates/<Cert-ID>Read the below documentation about how to get the certificate ID: Register the SSL Certificate and Private Key with the NSX API Server
- If '
Used by' field is empty the certificate is not used by any entity and can be safely deleted fromNSX UI - System - Certificates.
Feedback
Yes
No
Powered by
