Unable to delete expired certificate from NSX Manager via GUI

Article ID: 411783

Products

VMware NSX

Issue/Introduction

A new NSX-T Manager certificate has been deployed to replace the existing one, which has expired. The new certificate is not in use because the old one is still marked as ‘used’ and cannot be deleted.

Attempting to delete the old certificate results in the following error message:

Error: Certificate cannot be deleted because it is used by 4 MP node(s). (Error code: 2022)

Environment

3.2.2 

Cause

Because the old certificates are still assigned to the NSX managers, they cannot be deleted. The old NSX manager certificates must be replaced with the new certificates before the old ones can be deleted from the NSX managers.

Resolution

The procedure to replace the old certificates with the new ones via the API is as follows:

  • To replace the API certificate of a manager node, use the following API call:

POST /api/v1/trust-management/certificates/<cert-id>?action=apply_certificate&service_type=API&node_id=<node-id>

Repeat the above API call for all 3 NSX managers, replacing the node-id with the UUID of each NSX manager.

  • To replace the certificate of the manager cluster VIP, use the following API call:

POST /api/v1/trust-management/certificates/<cert-id>?action=apply_certificate&service_type=MGMT_CLUSTER

Node-id -- UUID of the NSX manager.

Cert-id -- UUID of the new certificate imported to the NSX manager.
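The two calls above, scripted for all manager nodes followed by the cluster VIP. This is an added example, not VMware's code; the function names, the use of basic authentication and the caller-supplied TLS context are assumptions of the example, and the UUIDs shown are constructed.

```python
import base64
import http.client
import uuid
from urllib.parse import urlencode

CERT_PATH = "/api/v1/trust-management/certificates"


def _uuid(value):
    """Normalise a UUID string; raises ValueError on anything else."""
    return str(uuid.UUID(value))


def apply_paths(cert_id, node_ids):
    """POST paths in the article's order: API cert per manager node, then the VIP."""
    cert = _uuid(cert_id)
    nodes = [_uuid(n) for n in node_ids]
    if len(set(nodes)) != len(nodes):
        raise ValueError("duplicate node-id: list each manager once")
    queries = [{"action": "apply_certificate", "service_type": "API", "node_id": n}
               for n in nodes]
    queries.append({"action": "apply_certificate", "service_type": "MGMT_CLUSTER"})
    return [f"{CERT_PATH}/{cert}?{urlencode(q)}" for q in queries]


def apply_all(host, user, password, cert_id, node_ids, tls_context):
    """Send each POST; return (path, HTTP status) pairs, stopping at the first failure.

    tls_context is supplied by the caller: a node may still present the expired
    certificate, so how the client trusts it is decided outside this code.
    Basic authentication is an assumption of this example.
    """
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    results = []
    for path in apply_paths(cert_id, node_ids):
        conn = http.client.HTTPSConnection(host, context=tls_context, timeout=30)
        try:
            conn.request("POST", path, headers={"Authorization": f"Basic {token}"})
            status = conn.getresponse().status
        finally:
            conn.close()
        results.append((path, status))
        if status >= 300:
            break  # do not continue to the next node after a failed apply
    return results


if __name__ == "__main__":
    # Constructed UUIDs for a dry run: prints the four requests without sending them.
    new_cert = "aaaaaaaa-0000-4000-8000-000000000001"
    managers = [f"{d * 8}-{d * 4}-4{d * 3}-8{d * 3}-{d * 12}" for d in "123"]
    print("\n".join("POST " + p for p in apply_paths(new_cert, managers)))
```

Once every call returns success, the old certificate is no longer assigned to a manager node or the VIP, which is the condition the Cause section gives for being able to delete it.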



Additional Information