NSX Manager upgrade stuck due to bad sslv3 certificate
search cancel

NSX Manager upgrade stuck due to bad sslv3 certificate

book

Article ID: 402919

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Upgrade NSX progressed on Edges > Hosts but is stuck on the NSX manager. 
  • The page is 'greyed out' as images below: 


  • On the logs /var/log/upgrade-coordinator/upgrade-coordinator.log file, it shows the below errors: 

    CBM_UPGRADE_COORDINATOR | SUCCESS: XX.XX.XXX.XXXX | Certificate with alias XXXXXX-XXX-XXXX-XXXXXXX | SUCCESS: XX.XX.XX.XX | of node XX.XX.XX.XX will be replaced with keystore | ERROR  : XX.XX.XX.XX    : CBM_UPGRADE_COORDINATOR's   | 'XX.XX.XX.XX' certificate  | certificate in keystore of node XX.XX.XXX.XXX does not match | with corfu server truststore of node XX.XX.XX.XX |
    ..
    WARN netty-8 NettyClientRouter 60510 userEventTriggered: unhandled event SslHandshakeCompletionEvent(javax.net.ssl.SSLHandshakeException: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate)
    ERROR netty-8 ClientHandshakeHandler 60510 exceptionCaught: Exception DecoderException caught.
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

Environment

VMware NSX

Cause

The "alert bad certificate" in the logs indicates issues related to the certificate on that NSX Manager.

Resolution

The CARR script can be used to update the certificate required by the NSX Manager.
Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX.

Powered by Wolken Software