In a new vCD install, when you try to add your NSX-T (or V), you will get this error: “Certificate xxxx is already trusted.”
Suppose you upgrade your vCloud Director to version v10.3 and try to deploy a new vApp, VM, or Network that uses NSX-T. In that case, you also get the same type of error, but now with a different message: “Certificate for <NSX-IP> doesn’t match any of the subject alternative names.”
I know this happens now in vCloud Director v10.3 because before v10.3 we could disable hostname verification for NSX-T, vCenter, and vSphere. But in the new v10.3 version, this option is only for vCenter and vSphere. So when we have an NSX-T added to our vCloud Director, or are trying to add one, and the URL https://FQDN is different from the common name that we have in the certificate, we get this type of error.
Just FYI, I have tried creating a new certificate in which the certificate name is the same as the common name, but vCD doesn't show that up.
Any suggestions on how to resolve this?
Are you using SAN fields in NSX certs? Most likely you are hitting the error mentioned in this thread.
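The SAN question above can be checked offline with the openssl CLI. The following is an added example, not part of the thread and not vCD's own verification code: it builds two throwaway certificates and tests which URL hosts each one is valid for. The names `nsx-mgr.example.test`, `nsx.example.test` and `192.0.2.10`, and the helpers `make_cert` and `cert_matches`, are constructed for illustration.

```shell
#!/bin/sh
# Added example: all names, IPs and file paths below are constructed.
# Requires the openssl CLI (1.1.1 or later for -addext).

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert <prefix> <CN> <subjectAltName value>: throwaway self-signed cert.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
        -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null
}

# cert_matches <cert> <host-or-IPv4>: exit 0 only if OpenSSL's name check
# accepts the value used in the URL. IPv4 literals are checked against
# iPAddress SAN entries, everything else against dNSName entries.
cert_matches() {
    case $2 in
        *[!0-9.]*) check=-checkhost ;;
        *)         check=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$check" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Certificate whose SAN lists only the FQDN.
make_cert fqdn-only nsx-mgr.example.test 'DNS:nsx-mgr.example.test'
# Certificate whose SAN lists the FQDN and the management IP.
make_cert fqdn-and-ip nsx-mgr.example.test \
    'DNS:nsx-mgr.example.test,IP:192.0.2.10'

for crt in fqdn-only fqdn-and-ip; do
    for target in nsx-mgr.example.test nsx.example.test 192.0.2.10; do
        if cert_matches "$WORK/$crt.crt" "$target"; then r=match; else r=MISMATCH; fi
        printf '%-12s %-22s %s\n' "$crt" "$target" "$r"
    done
done
```

To check a real deployment, pass `cert_matches` the PEM certificate exported from the NSX Manager and the exact host part of the URL registered in vCD.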