Reconnecting the NSX Compute Manager to the vCenter Server fails with an Internal Server Error in the NSX UI. The following error code and message are displayed, indicating an SSL handshake failure due to an expired certificate:

"module_name" : "common-services",
"error_message" : "Internal server error has occurred.",
"details" : "Request processing failed; nested exception is java.lang.RuntimeException: java.lang.RuntimeException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: Certificate expired for CN=####,OU=####,O=####,C=US",
"error_code" : 99

VMware vCenter Server 8.0.x

VMware NSX

VMware VCF

The custom certificate renewal process on the vCenter Server failed, causing the vCenter Server to present an expired custom CA-signed certificate during the SSL handshake with the NSX Manager.

1. Connect to the vCenter Server Appliance via SSH using the root account.

2. Utilize the vCenter Certificate Management utility (certificate-manager) or the vCert utility to successfully regenerate and apply the custom CA-signed certificates, if the cert is not already replaced. For more details, refer to KB: vCert - Scripted vCenter expired certificate replacement

3. Restart all vCenter services to ensure the new certificate chain is loaded into memory: service-control --stop --all && service-control --start --all

4. Log in to the NSX Manager UI.

5. Navigate to System > Fabric > Compute Managers.

6. Select the affected Compute Manager and click Edit.

7. Re-enter the vCenter Server administrative credentials and save the configuration to re-register the endpoint. Accept the new certificate thumbprint when prompted.

The Compute Manager connection is down in NSX

Error reconnecting compute manager to NSX