Error: "Certificate is already trusted" when adding an NSX manager instance


Article ID: 399716


Products

VMware Cloud Director, VMware NSX, VMware Telco Cloud Infrastructure

Issue/Introduction

  • When adding an NSX Manager instance to VMware Cloud Director (VCD), the NSX certificate can be trusted, but when saving the configuration VCD asks to trust the certificate again, and this fails with the error:

    Certificate [CN=example-com, OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US] is already trusted

  • The same issue occurs whether the FQDN or the IP address is used to add NSX to VCD.

Environment

VCD 10.3 10.6

NSX-T 4.2

TCI 2.2

Cause

This issue occurs when the NSX Manager certificate does not include, as a Subject Alternative Name (SAN), the NSX Manager address (either IP or FQDN) used when adding the NSX Manager instance in VCD.

OR

A previously trusted NSX Manager certificate is still stored in VCD Trusted Certificates, causing VCD to identify the reintroduced certificate as an already trusted object. As a result, the platform prevents re-integration to avoid duplicate or stale certificate entries.

Resolution

  1. Ensure that the NSX Managers have valid certificates with appropriate SAN entries. See Replacing Certificates.

  2. Once the NSX Manager certificate is updated with the correct SAN, Add the Associated NSX Manager Instance to VMware Cloud Director and trust the new certificate.

To remove the stale certificate and re-register NSX manager:

  1. Navigate to Trusted Certificates in VCD UI > Administration > Trusted Certificate

  2. Remove the Stored NSX Certificate

  3. Identify the certificate matching the NSX Manager and delete it.

  4. Validate and Register Using FQDN

  5. Ensure that the Subject Alternative Name (SAN) contains the correct NSX FQDN.

  6. Re-register NSX with VCD using the full hostname (FQDN).
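
The SAN check described under Cause and in the resolution steps can be done before registering NSX. The following is an added example, not VMware code: it parses the text printed by `openssl x509 -noout -ext subjectAltName` and reports whether the address you plan to enter in VCD is covered. The sample certificate text, the host names and the function names are constructed, and the matching follows standard TLS name rules, which is an assumption about how VCD compares the address.

```python
import ipaddress

# Constructed sample in the format printed by:
#   openssl x509 -in nsx-manager.pem -noout -ext subjectAltName
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:nsx-mgr.example.com, DNS:*.lab.example.com, IP Address:192.0.2.10
"""

def parse_san(text):
    """Return (dns_names, ip_addresses) from openssl's subjectAltName output."""
    dns, ips = [], []
    for line in text.splitlines():
        if "Subject Alternative Name" in line:
            continue  # header line, carries no entries
        for item in line.split(","):
            # Split on the first colon only, so IPv6 values stay intact.
            kind, _, value = item.strip().partition(":")
            if kind == "DNS":
                dns.append(value.lower().rstrip("."))
            elif kind == "IP Address":
                ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def address_in_san(address, san_text):
    """True if the address to be entered in VCD is covered by the SAN."""
    dns, ips = parse_san(san_text)
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        # Not an IP literal: treat as a host name (case-insensitive).
        host = address.lower().rstrip(".")
        return any(dns_matches(p, host) for p in dns)
    # An IP address is matched only against IP Address entries, never DNS ones.
    return ip in ips

if __name__ == "__main__":
    for addr in ("nsx-mgr.example.com", "nsx-mgr", "192.0.2.10", "192.0.2.11"):
        print(addr, "->", "in SAN" if address_in_san(addr, SAMPLE_SAN_TEXT) else "MISSING")
```

A short host name or an IP address that is not listed reports as missing even when the FQDN is present, which is the mismatch described under Cause.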