- vCenter root CA certificate was replaced with a new certificate that does not contain a Common Name (CN) in the Issuer and Subject fields
- NSX Compute Manager connectivity goes DOWN after the certificate replacement
- Attempts to edit the Compute Manager to import the new root certificate fail
- NSX is unable to find a valid trust root certificate for the vCenter server
- Customer is blocked from restoring Compute Manager connectivity
The NSX manager reported the following error message: "Failed to import trusted root certificate for computer manager xxxx code 90348."
Relevant logs to review:
var/log/cm-inventory.log (Unable to find valid VC root certificate):
2025-11-21T13:43:11.016Z WARN http-nio-127.0.0.1-7443-exec-3 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="WARNING" reqId="####" subcomp="cm-inventory" username="admin"] The CA cert : ######## is not valid due to Index 0 out of bounds for length 0
2025-11-21T13:43:11.016Z INFO http-nio-127.0.0.1-7443-exec-3 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="INFO" reqId="####" subcomp="cm-inventory" username="admin"] No valid Trust Root Certificate found. Checking any valid Intermediate Certificate for compute manager : <VCENTER-SERVER-FQDN>
2025-11-21T13:43:11.395Z WARN http-nio-127.0.0.1-7443-exec-3 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="WARNING" reqId="####" subcomp="cm-inventory" username="admin"] Found no valid root CA certificate for compute manager <VCENTER-SERVER-FQDN>
VMware NSX 9.x
The NSX root certificate identification logic relied solely on the Common Name (CN) field to match and validate the vCenter root CA certificate. When the vCenter root certificate was replaced with a certificate lacking a CN in the Subject field, NSX could not identify it as a valid root certificate while updating the Compute Manager, so the certificate import failed.
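The following Python example is added here for triage and is not NSX or vendor code: it scans cm-inventory.log text for the sequence quoted above and reports each compute manager for which no valid root CA was found. Correlating lines by request thread name and treating the "Index 0 out of bounds for length 0" reason as the marker for this issue are assumptions; the sample hostnames and certificate labels are constructed.

```python
import re

# Constructed sample modelled on the log lines quoted in this article.
# vc01/vc02.example.test and CERT-A are placeholders, not real values.
SAMPLE_LOG = """\
2025-11-21T13:43:11.016Z WARN http-nio-127.0.0.1-7443-exec-3 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="WARNING" reqId="####" subcomp="cm-inventory" username="admin"] The CA cert : CERT-A is not valid due to Index 0 out of bounds for length 0
2025-11-21T13:43:11.020Z WARN http-nio-127.0.0.1-7443-exec-5 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="WARNING" reqId="####" subcomp="cm-inventory" username="admin"] Found no valid root CA certificate for compute manager vc02.example.test
2025-11-21T13:43:11.030Z INFO http-nio-127.0.0.1-7443-exec-3 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="INFO" reqId="####" subcomp="cm-inventory" username="admin"] No valid Trust Root Certificate found. Checking any valid Intermediate Certificate for compute manager : vc01.example.test
2025-11-21T13:43:11.395Z WARN http-nio-127.0.0.1-7443-exec-3 VcUtilsImpl 6104 SYSTEM [nsx@4413 comp="nsx-manager" level="WARNING" reqId="####" subcomp="cm-inventory" username="admin"] Found no valid root CA certificate for compute manager vc01.example.test
"""

# timestamp, level, thread, then the message after the structured-data block
LINE = re.compile(r'^(?P<ts>\S+) (?P<level>\w+) (?P<thread>\S+) .*?\] (?P<msg>.*)$')
INVALID = re.compile(r'The CA cert : .* is not valid due to (?P<reason>.+)$')
NO_ROOT = re.compile(r'Found no valid root CA certificate for compute manager (?P<cm>\S+)')
# Assumption: this reason string marks the missing-CN case described in the article.
KB_REASON = "Index 0 out of bounds for length 0"

def find_root_ca_failures(log_text):
    """Return one finding per 'no valid root CA' event, with the cert
    rejection reasons logged earlier on the same request thread."""
    pending = {}   # thread name -> rejection reasons seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a cm-inventory line in the expected layout
        thread, msg = m["thread"], m["msg"]
        rejected = INVALID.search(msg)
        if rejected:
            pending.setdefault(thread, []).append(rejected["reason"].strip())
            continue
        failed = NO_ROOT.search(msg)
        if failed:
            reasons = pending.pop(thread, [])  # reset for thread reuse
            findings.append({
                "time": m["ts"],
                "compute_manager": failed["cm"],
                "reasons": reasons,
                "matches_kb_signature": KB_REASON in reasons,
            })
    return findings

if __name__ == "__main__":
    for f in find_root_ca_failures(SAMPLE_LOG):
        print(f["time"], f["compute_manager"], f["matches_kb_signature"], f["reasons"])
```

A finding whose matches_kb_signature is False indicates a root CA failure with a different cause, which the workaround below does not address.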
Workaround:
Replace the vCenter root CA certificate with a certificate that includes a Common Name (CN) in the Subject field. Edit the Compute Manager in NSX to re-import the updated certificate.
This issue will be fixed in the upcoming 9.0.x maintenance release.