Hello community.
For some reason I can not enable L2VPN Service Status on the NSX because of the following error:
Configuration failed on NSX Edge vm <edge-01>.
[61952] Failed to add L2 VPN server configuration. : Invalid Certificate or Private Key
The CSR and SSC were generated.
During l2vpn configuration I point to the created certificate.
It is a fresh installation.
What have I missed?
Thanks
Hi Bridgegroup,
You have two options
- Use Edge Private key: On each edge generate a certificate request file, issue a certificate from that file from your CA, import the certificate (package) into the edge. In this case you are using the private key which is generated by the edge for request.
- Use Custom CA Private key: Import a certificate generated from your CA into the Edge. This has been generated with the private key of your CA.
More details on this are mentioned in this blog
Managing NSX Edge and Manager Certificates | Spas Kaloferov's Blog
Thanks
Azhar
In the second screenshot (l2vpn server settings) there is a checkbox "Use System Generated Certificate". Are you checking this setting? Other than that, everything looks great.
Hello grosas.
No, I do not check this box, because:
If I use selfsignedcert (do not check this box), I get the following data, like here (selfsignedcert.png).
If I check this box, then there is no data in the cert field (system.cert.png).
In both cases I've got the same error -
Configuration failed on NSX Edge vm pGW-0.
[61952] Failed to add L2 VPN server configuration. : Invalid Certificate or Private Key
What's wrong? ....
Thanks
In the admin guide it does say to check the box for using self-signed certs. Maybe something went wrong during CSR / self-signing? I would:
- Delete the cert.
- Reboot the ESG
- Open and observe logging for errors/exceptions:
  - Manager > sh manager log follow
  - Edge > sh log follow
- Generate the CSR
- Self-Sign
- Reconfigure L2VPN server with cert
Hello grosas
It is a totally fresh installation.
I had the same error before. So I restarted the edge and recreated the certificates.
The same problem.
Though the ssl-vpn service started without any problems.
No ideas...
For one service there are no problems with the cert, for another it's a nightmare...
Is HA enabled on the Edge appliance on which you are configuring the L2VPN?
I ran into this issue, was running HA. When I disabled HA, the issue was resolved.
I did the same setup as you on 6.1.4 and it failed with the same error.
I did the setup on 6.2.0 and now it accepts the config.
Try upgrading to 6.2.0
Hello p0wertje
It's really very strange.
I had to wait for several days without any changes and now it works.
I cannot understand the reason for such behaviour.