Unable to Remove Expired CBM Services Certificate

Article ID: 440965


Products

VMware NSX

Issue/Introduction

  • Unable to replace or rotate certificates associated with Cloud Boot Manager (CBM) services, as the changes fail to commit. Certificate modifications cannot be performed through the CARR script, UI, or CLI.
  • The following log entries appear in carr.log:

    XXXX-XX-XX XX:XX:XX,215 - consoleLogger - MainThread - INFO - driver.py:235 - Validating 'STALE-CERTIFICATES' certificate ...
    XXXX-XX-XX XX:XX:XX,216 - carr.validations.ver32.stale_certs_validator - MainThread - INFO - stale_certs_validator.py:261 - No stale certificates were found.
    XXXX-XX-XX XX:XX:XX,216 - consoleLogger - MainThread - INFO - driver.py:235 - Validating 'APH_AR' certificate ...

Environment

VMware NSX

Cause

The certificate is bound to three service endpoints at the same time. Two of these bindings map to deprecated, stale CBM services, and the third maps to an active service that is still required. Because the CBM service framework is deprecated in the NSX 4.2.x release line, the CARR automation tool skips the validation blocks for these components and neither flags nor cleans up the old entries. The binding locks still held by the stale CBM services prevent both UI and API requests from updating the cluster's Corfu datastore.
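
A read-only check for the binding pattern described above, as an added example that is not Broadcom's or the CARR tool's code: it scans a certificate inventory and reports expired certificates bound to both stale CBM services and an active service. The JSON layout, the field names (`id`, `not_after`, `used_by`, `service_types`), the `CBM_` name prefix and all sample values are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

STALE_PREFIX = "CBM_"  # assumption: stale CBM service types share this prefix

# Constructed inventory, not real NSX output; field names are assumptions.
SAMPLE = json.loads("""
[
 {"id": "cert-a", "not_after": "2024-01-15T00:00:00+00:00",
  "used_by": [{"service_types": ["CBM_EXAMPLE_1", "CBM_EXAMPLE_2"]},
              {"service_types": ["ACTIVE_EXAMPLE"]}]},
 {"id": "cert-b", "not_after": "2030-01-15T00:00:00+00:00",
  "used_by": [{"service_types": ["ACTIVE_EXAMPLE"]}]},
 {"id": "cert-c", "not_after": "2024-01-15T00:00:00+00:00",
  "used_by": [{"service_types": ["CBM_EXAMPLE_1"]}]},
 {"id": "cert-d", "not_after": "2024-01-15T00:00:00+00:00", "used_by": []}
]
""")

def classify(cert, now):
    """Split one certificate's bindings into stale CBM and active services."""
    services = [s for binding in cert.get("used_by") or []
                for s in binding.get("service_types") or []]
    stale = sorted({s for s in services if s.startswith(STALE_PREFIX)})
    active = sorted({s for s in services if not s.startswith(STALE_PREFIX)})
    if stale and active:
        kind = "mixed"        # the case in the article: stale and active together
    elif stale:
        kind = "stale_only"
    elif active:
        kind = "active_only"
    else:
        kind = "unused"
    expired = datetime.fromisoformat(cert["not_after"]) <= now
    return {"id": cert["id"], "kind": kind, "expired": expired,
            "stale": stale, "active": active}

def blocked_certs(inventory, now):
    """IDs of expired certificates bound to stale CBM and active services."""
    rows = [classify(c, now) for c in inventory]
    return [r["id"] for r in rows if r["expired"] and r["kind"] == "mixed"]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for cert in SAMPLE:
        print(classify(cert, now))
    print("expired with mixed bindings:", blocked_certs(SAMPLE, now))
```

The output of such a check is useful evidence to attach to a support case, since it shows which bindings hold each expired certificate.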

Resolution

If you encounter a similar issue, please open a support case with Broadcom Support for further assistance.

KB: Creating and managing Broadcom cases