Local Manager certificate expired and unable to delete the expired certificate (Non Federated)

Article ID: 411597

Updated On:

Products

VMware NSX

Issue/Introduction

- A Local Manager certificate is showing as expired.

- You are unable to delete the expired Local Manager certificate.

Environment

VMware NSX

VMware NSX-T Data Center

Cause

The expired Local Manager certificate cannot be deleted because it is still referenced/used by the service type LOCAL_MANAGER.

Resolution

To delete this expired local manager certificate:

1. Create the new self-signed certificate via the NSX UI (CSR --> Generate CSR --> Self-Sign Certificate). Make sure to select No for the Service Certificate option.

2. Validate the new certificate using the API call: GET https://<nsx-mgr>/api/v1/trust-management/certificates/<certificate-id>?action=validate

3. To replace the Local Manager certificate, use this POST API call with the following body (JSON format):

POST https://<nsx-local-mgr>/api/v1/trust-management/certificates?action=set_pi_certificate_for_federation
{
    "cert_id": "<Here you will place the certificate ID>",
    "service_type": "LOCAL_MANAGER"
}

4. Lastly, once it is assigned, the old expired Local Manager certificate can be deleted.
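
Steps 2 to 4 as one guarded sequence, added here as an example (not code from the article or from VMware): the replacement and the delete run only if the new certificate validates first. Assumptions not stated in the article: the validate reply carries "status": "OK" on success, and the expired certificate is removed with DELETE on /api/v1/trust-management/certificates/<certificate-id>; the function names are hypothetical.

```python
import json
import urllib.request

CERTS = "/api/v1/trust-management/certificates"  # path from the article


def https_send(method, url, body=None, auth_header=None):
    """Real transport: send one request, return the JSON reply ({} if empty).
    urlopen verifies the manager's TLS certificate and raises on 4xx/5xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if auth_header:
        req.add_header("Authorization", auth_header)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def replace_local_manager_cert(send, mgr, new_id, old_id):
    """Run steps 2-4 in order and return the (method, url) pairs issued.
    Nothing is changed unless the new certificate validates first."""
    if new_id == old_id:
        raise ValueError("new and old certificate IDs must differ")
    base = f"https://{mgr}{CERTS}"
    issued = []

    def call(method, url, body=None):
        issued.append((method, url))
        return send(method, url, body)

    # Step 2: validate the new certificate.
    # Assumption: the reply carries "status": "OK" on success.
    check = call("GET", f"{base}/{new_id}?action=validate")
    if check.get("status") != "OK":
        raise RuntimeError(f"certificate {new_id} failed validation: {check}")

    # Step 3: point the LOCAL_MANAGER service type at the new certificate.
    call("POST", f"{base}?action=set_pi_certificate_for_federation",
         {"cert_id": new_id, "service_type": "LOCAL_MANAGER"})

    # Step 4: delete the expired certificate (assumed endpoint, see lead-in).
    # Reached only if step 3 did not raise.
    call("DELETE", f"{base}/{old_id}")
    return issued
```

Against a real manager, pass functools.partial(https_send, auth_header=...) as send, so a failed POST raises before the delete is attempted.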

 

Additional Information