NSX Manager Deployment Fails with "OVF certificate validation failed: certificate has expired"

Article ID: 408930


Products

VMware NSX

Issue/Introduction

  • An NSX cluster is operating in a degraded state with only two nodes and cannot deploy the third required NSX Manager node. Attempts to deploy the third NSX Manager appliance fail with the following error message: "Reason: OVF certificate validation failed. Error: Error while fetching ovf file. er: (60) certificate has expired"

  • This issue prevents the expansion of the NSX Manager cluster to its desired or required number of nodes, leading to a degraded cluster state.

Note: If this KB does not match your issue, two similar issues are covered separately: "OVF certificate validation failed. Error: [VALIDATION_ERROR: CERTIFICATE_EXPIRED; ]" error for NSX Manager deployment, and Deploying a service vm ( SVM ) in NSX fails due to "Error creating agency for deployment unit ########-####-####-####-############. OVF certificate validation failed".

Environment

VMware NSX

Cause

The primary cause of the deployment failure is an expired OVF certificate used by the existing NSX Manager nodes for deploying new appliances. Specifically, the Tomcat certificates (Service Type = API) and/or mp-cluster certificates (Service Type = MGMT_CLUSTER) have expired on the operational NSX Manager nodes.

Once these certificates have expired, NSX Manager can no longer reliably trigger deployment workflows for new Managers or Edges, which produces the observed OVF certificate validation failure. This is expected product behavior.

Resolution

  1. Renew the Expired Certificate(s): In the NSX Manager UI, navigate to System > Certificates and check the status of the certificates associated with the API and/or MGMT_CLUSTER service types. Renew any of these certificates that have expired on the existing NSX Manager nodes.
  2. Delete Failed Deployment: Delete any previously failed deployment attempts of the NSX Manager from your virtualization platform (e.g., vCenter).
  3. Redeploy NSX Manager: Initiate the deployment of the third NSX Manager node again.
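
The certificate check in step 1 can also be run against a saved certificate listing before retrying the deployment. The script below is an added example, not VMware code: it assumes the JSON shape of a `GET /api/v1/trust-management/certificates` response (`used_by[].service_types`, `details[].not_after` in epoch milliseconds), uses a constructed sample, and the function name is hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

# Service types the article names as the cause when their certificate expires.
WATCHED = {"API", "MGMT_CLUSTER"}

# Constructed sample, shaped like a GET /api/v1/trust-management/certificates
# response. Assumed fields: used_by[].service_types, details[].not_after (epoch ms).
SAMPLE = json.loads("""
{"results": [
  {"id": "constructed-1", "display_name": "tomcat-node1",
   "used_by": [{"node_id": "node-1", "service_types": ["API"]}],
   "details": [{"not_after": 1704067200000}]},
  {"id": "constructed-2", "display_name": "mp-cluster",
   "used_by": [{"node_id": "node-1", "service_types": ["MGMT_CLUSTER"]}],
   "details": [{"not_after": 1893456000000}]},
  {"id": "constructed-3", "display_name": "unused-old",
   "used_by": [],
   "details": [{"not_after": 1577836800000}]}
]}
""")


def deployment_cert_findings(listing, now=None, warn_days=0):
    """Return watched certificates that are expired or expire within warn_days."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for cert in listing.get("results", []):
        services = {s for use in cert.get("used_by", [])
                    for s in use.get("service_types", [])}
        stamps = [d["not_after"] for d in cert.get("details", []) if "not_after" in d]
        if not (services & WATCHED) or not stamps:
            continue  # not bound to API/MGMT_CLUSTER, or no parsed X.509 data
        # A chain is only as valid as its earliest-expiring member.
        expiry = datetime.fromtimestamp(min(stamps) / 1000, tz=timezone.utc)
        if expiry <= now:
            status = "EXPIRED"
        elif expiry <= now + timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            continue
        findings.append({"id": cert.get("id"), "name": cert.get("display_name"),
                         "services": sorted(services & WATCHED),
                         "not_after": expiry.isoformat(), "status": status})
    return sorted(findings, key=lambda f: f["not_after"])


if __name__ == "__main__":
    for f in deployment_cert_findings(SAMPLE, warn_days=30):
        print(f["status"], f["name"], f["services"], f["not_after"])
```

Certificates not bound to API or MGMT_CLUSTER are ignored, so an expired but unused certificate does not raise a finding here.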

Additional Information

To renew the certificates on the NSX Manager, refer to the following KB articles:

  • Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX
  • Renew or replace the self-signed SSL certificates assigned to various components of NSX version 4.2 and later through the GUI interface Only.