NSX installation in a SDDC fails with "Error: (51) SSL: no alternative certificate subject name matches target host name"
search cancel

NSX installation in a SDDC fails with "Error: (51) SSL: no alternative certificate subject name matches target host name"

book

Article ID: 427035

calendar_today

Updated On:

Products

VMware NSX VMware SDDC Manager

Issue/Introduction

  • When attempting to install NSX on ESXi hosts in a VMware Cloud Foundation (VCF) environment, the process faied and you observe the following error messages in the UI:
    Failed to install software on host. NSX Manager <NSX-Manager-FQDN> has invalid API certificate. Error: (51) SSL: no alternative certificate subject name matches target host name '<NSX-Manager-FQDN>'
  • You have verified that the "Subject Alternative Name:" is set to use DNS.   
    echo | openssl s_client -connect <NSX Manager FQDN >:443 2>/dev/null | openssl x509 -noout -text
    ....
     X509v3 Subject Alternative Name:
                    DNS:*.<Domin name>
    ....
 

Environment

VMware Cloud Foundation
VMware NSX

 

Cause

The NSX Manager FQDN is resolving to an IP address that does not match the certificate validation, or the DNS records (Forward/Reverse) are incorrect.

Resolution

Ensure the DNS records and FQDN match the Subject Alternative Name (SAN) or Common Name (CN) specified in the NSX Manager certificate.

  1. Correct the DNS records for the NSX Manager.

  2. Retry the NSX installation or Transport Node profile creation.

Additional Information

Unable to upgrade NSX on host after upgrading ESXi to 8.0u3

Adding Host through SDDC fails with "Unable to create transport node collection with profile abcd on compute collection XYZ through nsxmanager"

Powered by Wolken Software