NSX certificate replacement fails with private key missing error
search cancel

NSX certificate replacement fails with private key missing error

book

Article ID: 428615

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

CSR generated from NSX manager.

CSR generated from NSX manager UI System > Certificate > CSR > Generate CA CSR option.

You may also see the following error while trying to import the certificate from NSX UI > System >Certificate > Import Certificate for CSR.

Environment

VMware NSX

Cause

CSR for this certificate is generated from NSX UI using Generate CA CSR option and NSX doesn't store a private key for certificate for CA CSR

Resolution

If you use the NSX UI/API to generate the CSR: You do not need private key. NSX generates it internally and stores it securely.

For a CA signed certificate with CSR generated from NSX UI, use Generate CSR option instead of Generate CA CSR

Additional Information

NSX CA Certificate Replacement fails with "certificate does not verify with supplied key"

Replace NSX Manager Certificates Using CA-Signed Certificates in NSX 4.x

Replace Certificates Through NSX Manager

Powered by Wolken Software