"The certificate with id failed to parse with error: null" error observed in NSX upgrade pre-check for CBM certificates
search cancel

"The certificate with id failed to parse with error: null" error observed in NSX upgrade pre-check for CBM certificates

book

Article ID: 401101

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Performed an upgrade pre-check and received warnings for NSX Managers:
    The certificate with id ######-####-####-####-########## failed to parse with error: null. Please delete (if unused) or replace this certificate prior to upgrading.
  • From UI, navigate to System > Certificates and look for the id mentioned in the warning.
  • The cerificate referring with name start with CBM_CLUSTER_MANAGER node ######-####-####-####-##########.
  • The NSX system was upgraded from 3.2.X and now on version 4.2.X.

Environment

NSX 4.2.X

Cause

In NSX-T 3.2.x, Cluster Boot Manager (CBM) service certificates were incorrectly given a validity period of 825 days instead of 100 years.
This was corrected to 100 years in NSX-T 3.2.3 and NSX 4.1.0.

In 4.2.x upgrade, CBM certificates has expired and showing a warning in NSX upgrade prechecks.

Resolution

  • Replace Cluster Boot Manager certificate in System > Certificates.

Click the expired CBM ceritifcate

Actions - Replace Certificates - Generate Self Signed Certificate

  • When certificate replacement finished, run NSX upgrade prechecks again and confirm no warnings present.

Additional Information

If replace certificates failed in UI, use carr script to replace certificates instead.
Reference:
Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX

Powered by Wolken Software