Local Manager self-signed certificate still shows expired after running carr script
search cancel

Local Manager self-signed certificate still shows expired after running carr script

book

Article ID: 402687

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

The following conditions are all true:

  • NSX Federation is in use
  • NSX 3.2.x is installed
  • Several self-signed certificates are in use
  • The carr script has been used to renew self-signed certificates that are either about to expire or have expired

 

After running the carr script as documented in the KB article "Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX", you still have one certificate that shows status Expired and "Where used" shows 2 like in the screenshot below:

Environment

VMware NSX 3.2.x

Cause

This happens because the federated local managers (LMs) have not yet refreshed certificates from each other.

Resolution

Simply run this API call (as-is) on one LM (local manager) appliance as root user from each site and then refresh the certificates tab - the expired certificate will no longer be present:
root@nsxmanager# curl -X POST -H "Content-Type: application/json" -H 'X-NSX-Username:admin' http://127.0.0.1:7441/api/v1/sites?action=refresh

Once you run this api call, the issue should be resolved.

Additional Information

Powered by Wolken Software