• You want to run the script attached to the Using Certificate Analyzer, Results and Recovery (CARR) Script article.
• You have no Linux-based system where Python is installed or can be installed.
• The versions of your NSX manager nodes and vCenter Server nodes do not have the required Python version installed.

VMware NSX 4.1 or lower
vCenter Server 7.x or lower

• The script attached to the Using Certificate Analyzer, Results and Recovery (CARR) Script article, to fix certificate related issues in NSX, requires a Linux-based operating system with Python 3.8 or higher installed.

One of the easiest ways to create a virtual machine for use with the CARR script is to use VMware Photon OS. 

1. Download the OVA with virtual hardware v15 (Supports both BIOS and UEFI boot, default is UEFI) item from Downloading Photon OS.
2. Deploy the OVA to your vCenter Server. Be sure to select a network that will result in the VM having access to the NSX manager systems as well as internet access (if possible). 
3. Power on the VM.
4. Login as root with the password, changeme. You will be prompted to change the password.
5. If a DHCP server is present on this network, the VM will boot up with a DHCP-provided IP address. Otherwise, an IP address will need to be configured manually. You can check and configure the networking with the following commands
   
   
   1. networkctl
      
      Note: You should see output similar to the following:
      
      IDX LINK TYPE     OPERATIONAL SETUP
        1 lo   loopback carrier     unmanaged
        2 eth0 ether    routable    configured
      
      2 links listed.
      
      
   2. You can run the networkctl status <interface> command to see the configured IP address:
      
      Sample output:
      
      networkctl status eth0
      
      2: eth0
                          Link File: /usr/lib/systemd/network/99-default.link
                        Network File: /etc/systemd/network/99-dhcp-en.network
                              State: routable (configured)
                        Online state: online
                                Type: ether
                                Path: pci-0000:0b:00.0
                              Driver: vmxnet3
                              Vendor: VMware
                              Model: VMXNET3 Ethernet Controller
                  Alternative Names: eno1
                                      enp11s0
                                      ens192
                    Hardware Address: 00:xx:xx:xx:79:13 (VMware, Inc.)
                                MTU: 1500 (min: 60, max: 9000)
                              QDisc: fq_codel
        IPv6 Address Generation Mode: eui64
            Number of Queues (Tx/Rx): 1/1
                    Auto negotiation: no
                              Speed: 10Gbps
                              Duplex: full
                                Port: tp
                            Address: ##.##.0.56
                                      f###::###:###:fead:7913
                            Gateway: ##.##.0.1
                                DNS: ##.##.0.2
                  Activation Policy: up
                Required For Online: yes
      
      
   3. In Step 5a, if OPERATIONAL is no-carrier and SETUP is configuring, there is either no DHCP server configured or there is an issue communicating with the DHCP server. You will need to correct any issues or configure an IP address manually (see next step). Otherwise, proceed to Step 6.
   4. To configure an IP address manually, enter commands similar to the following:
      
      cat > /etc/systemd/network/10-static-en.network << "EOF"
      
      [Match]
      Name=eth0
      
      [Network]
      Address=##.##.0.56/24
      DNS=##.##.0.2
      Gateway=##.##.0.1
      EOF
      
      Note: Replace eth0 with the name of the interface returned in Step 5a, replace all IP addresses with addresses specific to your infrastructure.
      
      systemctl restart systemd-networkd
      
      
   5. Re-run Step 5b to ensure you have a valid IP address configured.
      
      
6. The tar utility needs to be installed to extract the contents of the attachment on this article. Run tdnf install tar -y to install tar.
   
   Note: If you get an error from the previous command that includes, “Couldn’t resolve host name”, ensure that your DNS server is configured correctly in the VM and that you can reach https://packages.vmware.com (curl can be used to test this). If the VM simply has no internet access, you can use an ISO as the source of the tar installer package instead of needing an internet connection.
   
   
   1. Download the Full ISO x86_64 item from Downloading Photon OS.
   2. Attach the iso to the VM (either via uploading to a datastore or via client connection)
   3. In the VM, run mount /mnt/cdrom. This command should return no output but a subsequent df command will show it as being mounted.
   4. Issue the following command to create a local yum repository:
      
      cat > /etc/yum.repos.d/photon-local.repo << “EOF”
      
      [photon-local]
      name=”Photon Local Repository”
      baseurl=file:///mnt/cdrom/RPMS/
      enabled=1
      gpgcheck=0
      EOF
      
      
   5. Rerun the tdnf install tar -y command from Step 6 to install the tar command.
      
      
7. You can now follow the Execution Steps from the Resolution section of Using Certificate Analyzer, Results and Recovery (CARR) Script.

Using Certificate Analyzer, Results and Recovery (CARR) Script

Photon OS Documentation