VDT reports "No SAN detected!" for NSX Manager and VIP certificates

Article ID: 413265

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

VDT will indicate that the NSX Manager and VIP certificates lack the Subject Alternative Name (SAN) field.

[FAIL] Certificate Trust Check
Root Cert is missing from keystore "/etc/vmware/vcf/commonsvcs/trusted certificates.store" and "/etc/alternatives/jre/lib/security/cacerts".
Documentation: https://kb.vmware.com/s/article/86131 
Notes: Refer to the KB above to add the Root Certificate to the keystores.
[PASS] Expiration Check
Server Certificate expires in #### days
[FAIL] Subject Alternative Name Check
No SAN detected!

Cause

The Subject Alternative Name (SAN) field is missing from the NSX Manager and VIP certificates. This field is crucial for the SDDC to establish trust with the NSX component's root certificates.

Resolution

To resolve the issue, the NSX Manager and VIP certificates have to be renewed using the steps outlined in "Scripted process to replace expired or self-signed VMware NSX-T Manager Certificates with VMCA-Signed Certificates".
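
To confirm independently of VDT whether a certificate carries a SAN, before or after renewal, the check can be reproduced with openssl. This is an added example, not VDT code or part of the original article; it assumes openssl is installed and the certificate has been exported as PEM, and the function names and the nsx-vip.example.test / nsx01.example.test names are placeholders.

```shell
#!/bin/sh
# Added example (not VDT code): report whether a PEM certificate carries a SAN
# and whether the expected FQDN is listed in it. Wildcard SANs are not expanded.

# Print SAN entries one per line, e.g. "DNS:nsx01.example.test".
san_entries() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Subject Alternative Name/ {
                 getline; gsub(/^[ \t]+|[ \t\r]+$/, ""); gsub(/, /, "\n"); print; exit }'
}

# Exit status: 0 = FQDN listed in SAN, 1 = no SAN at all, 2 = SAN lacks FQDN.
check_san() {
    sans=$(san_entries "$1")
    if [ -z "$sans" ]; then
        echo "[FAIL] $1: No SAN detected!"; return 1
    fi
    if printf '%s\n' "$sans" | grep -qixF "DNS:$2"; then
        echo "[PASS] $1: SAN lists $2"; return 0
    fi
    echo "[FAIL] $1: SAN present but $2 is not listed"; return 2
}

# Constructed sample input: two throwaway self-signed certificates for the
# placeholder name nsx-vip.example.test, one with a SAN and one without.
make_sample_certs() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = nsx-vip.example.test
[with_san]
subjectAltName = DNS:nsx-vip.example.test, DNS:nsx01.example.test
[no_san]
basicConstraints = CA:FALSE
EOF
    for ext in with_san no_san; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
            -extensions "$ext" -keyout "$1/$ext.key" -out "$1/$ext.pem" 2>/dev/null
    done
}

# Usage: sh check_san.sh <cert.pem> <expected-fqdn>
if [ $# -eq 2 ]; then check_san "$1" "$2"; fi
```

A certificate that has a SAN but omits the name the client connects to (exit status 2) also fails hostname validation, so check both the NSX Manager node FQDNs and the VIP FQDN.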