Error: "Certificate is already trusted" when adding NSX manager instance to VMware Cloud Director

Article ID: 399716


Products

VMware Cloud Director

Issue/Introduction

  • When adding an NSX Manager instance to VMware Cloud Director (VCD), the NSX certificate can be trusted, but when saving the configuration VCD asks to trust the certificate again, and this fails with the error below:

    Certificate [CN=example-com, OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US] is already trusted

Environment

VMware Cloud Director 10.6

VMware NSX 4.2

Cause

This issue occurs when the NSX Manager certificate does not include, as a Subject Alternative Name (SAN), the NSX Manager address (either IP or FQDN) that was used when adding the NSX Manager instance in VCD.

OR

A previously trusted NSX Manager certificate is still stored in VCD Trusted Certificates, causing VCD to identify the reintroduced certificate as an already trusted object. As a result, the platform prevents re-integration to avoid duplicate or stale certificate entries.

Resolution

Ensure that the NSX Managers have valid certificates with appropriate SAN entries. For more information on replacing NSX Manager certificates, refer to the NSX documentation on Replacing Certificates.

Once the NSX Manager certificate is updated with the correct SAN, add the associated NSX Manager instance to VMware Cloud Director and trust the new certificate.

To remove the stale certificate and re-register NSX Manager:

Navigate to Trusted Certificates

  • VCD UI → Administration → Trusted Certificates

Remove the Stored NSX Certificate

  • Identify the certificate matching the NSX Manager and delete it.

Validate and Register Using FQDN

  • Ensure that the Subject Alternative Name (SAN) contains the correct NSX FQDN.

  • Re-register NSX with VCD using the full hostname (FQDN).
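
The SAN check from the Cause and Resolution sections can be scripted before re-registering. The following is an added example, not part of the original article or of VMware tooling: the function names `fetch_san` and `san_covers` and the sample hostnames are hypothetical, `fetch_san` assumes OpenSSL 1.1.1 or later (for `-ext`) and network access to the NSX Manager, and the matching follows the usual hostname-verification rules (an IPv4 address must appear as an `IP Address` entry, a name as a `DNS` entry).

```shell
#!/bin/sh
# Added example (not VMware code): check that a certificate's SAN list covers
# the address that will be entered for the NSX Manager in VCD.

# Print the SAN line of the certificate served at <host>:443.
fetch_san() {
  openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName 2>/dev/null | tail -n +2
}

# san_covers "<SAN text>" "<address>": status 0 if the address is covered.
# Runs in a subshell so IFS, set -f and the variables stay local.
san_covers() (
  set -f   # keep wildcard entries such as "*.example.test" from globbing
  addr=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  is_ip=no
  printf '%s' "$addr" | grep -Eq '^[0-9]+(\.[0-9]+){3}$' && is_ip=yes
  IFS=,
  for entry in $1; do
    entry=$(printf '%s' "$entry" | sed 's/^ *//; s/ *$//' |
      tr '[:upper:]' '[:lower:]')
    kind=${entry%%:*}
    value=${entry#*:}
    case "$is_ip:$kind" in
      "yes:ip address")
        [ "$value" = "$addr" ] && exit 0 ;;
      "no:dns")
        [ "$value" = "$addr" ] && exit 0
        case $value in
          # A leading "*." covers exactly one label.
          '*.'*) [ "$addr" != "${addr#*.}" ] &&
                 [ "${addr#*.}" = "${value#??}" ] && exit 0 ;;
        esac ;;
    esac
  done
  exit 1
)

# Usage against a live system (nsx01.example.test is a constructed name):
#   san_covers "$(fetch_san nsx01.example.test)" nsx01.example.test \
#     && echo "SAN covers address" || echo "SAN does NOT cover address"
```

Only IPv4 literals are recognised as IP addresses here; an IPv6 address would need an additional comparison against the `IP Address` entries.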