TKGI tile installation fails due to missing or invalid NSX-T Manager certificate
search cancel

TKGI tile installation fails due to missing or invalid NSX-T Manager certificate

book

Article ID: 298538

calendar_today

Updated On: 01-10-2025

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

Symptoms:

In the failed BOSH task debug logs below error message could be found
"errand_name":"pks-nsx-t-precheck","exit_code":1,"stdout":"\nPKS NSX-T PRECHECK\n\nChecking NSX version\n",
"stderr":"NSX Manager CA certificate is invalid\nERROR: NSX-T Precheck failed due to error code:

Environment


Cause

While installing Pivotal Container Service (PKS) tile if post deploy errands are on for the NSX-T Validation errand. This errand tries to validate your NSX-T configuration and will tag the proper resources. To do so it tries to connect to NSX-T Manager using the certificate configured using these steps. If this certificate is invalid, the precheck fails.

Resolution

  • Get the current certificate used by NSX-T Manager using
    openssl s_client -host $NSX-ADDRESS -port 443 -prexit -showcerts
  • Copy the certificate under NSX-T Manager CA under NSX-T in PKS tile.
  • Enable Disable SSL certificate verification? if the certificate is self-signed.