Re: NSX-ALB System-Default-Secure-Channel-Cert

rmart_73 · ‎08-15-2023

Not sure if this is the correct forum, but its as close to NSX-ALB (AVi) i could find.

We are seeing an issue after upgrading to version 22.1.4 where the System-Default-Secure-Channel-Cert is showing "Issuer Certificate Missing ca.local". In the Root/Intermediate CA section, the System-Default-Root-CA ca.local is there though. During the upgrade did it break the chain? If so, how can i fix it? I havent been able to find any good step by step procedures.

lucastiktok · ‎08-16-2023

I'm experiencing a similar issue in my environment.

EvertAM · ‎08-23-2023

It doesn't seem to be universal, we've recently upgrade to 22.1.4 but did not encounter the issue.

Based in the expiration dates, it seems like your System-Default-Root-CA was somehow renewed. Our controllers show the same expiration dates for both the root and the Secure-Channel-Cert (with the root expiring one second earlier).

You could try to renew the Secure-Channel-Cert, but that might be bit risky in a production environment.

rmart_73 · ‎08-24-2023

We ended up making a new load balancer and recreating the virtual services, even with VMware support we were unable to renew the cert. We haven't been able to find a cause either.

All

NSX-ALB System-Default-Secure-Channel-Cert