VMware Networking Community
waseemarif
Contributor

vCloud Director v10.3 vs NSX-T error Certificate is already trusted

In a new vCD install, when you try to add your NSX-T (or V), you will get this error: “Certificate xxxx is already trusted.”

Suppose you upgrade your vCloud Director to version v10.3 and try to deploy a new vApp, VM, or Network that uses NSX-T. In that case, you also get the same type of error, but now with a different message: “Certificate for <NSX-IP> doesn’t match any of the subject alternative names.”

I know this happens now in vCloud Director v10.3 because before v10.3 we could disable hostname verification for NSX-T, vCenter, and vSphere. But in the new v10.3 version, this option is only for vCenter and vSphere. So when we have an NSX-T added to our vCloud Director, or are trying to add one, and have the URL: https://FQDN different from the common name that we have in the certificate, we get this type of error.

Just FYI, I have tried creating a new certificate in which the certificate name is the same as the common name, but vCD doesn't show that up.

Any suggestions on how to resolve this?

1 Reply
Sreec
VMware Employee

Are you using SAN fields in NSX certs? Most likely you are hitting the error mentioned in this thread:

https://www.paluszek.com/wp/2021/07/19/infrastructure-certificate-handling-changes-in-vmware-cloud-d... 

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
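The SAN question raised in the reply can be checked before registering NSX-T. The following is an added example, not part of the original thread and not vCD's own code: it assumes a strict verifier that reads only the subjectAltName extension, takes a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and uses constructed names and addresses. The function names are hypothetical.

```python
import ipaddress

def _dns_match(pattern, host):
    """Wildcard may only stand for the whole leftmost label (assumed strict policy)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_endpoint(cert, endpoint):
    """cert: dict shaped like getpeercert(); endpoint: host part of the registered URL.
    Returns (ok, reason)."""
    sans = cert.get("subjectAltName", ())
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    try:
        ip = ipaddress.ip_address(endpoint)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP endpoint is compared only with iPAddress SAN entries,
        # never with DNS entries or the common name.
        if any(ipaddress.ip_address(v) == ip for k, v in sans if k == "IP Address"):
            return True, "IP listed in SAN"
        return False, f"no iPAddress SAN entry for {endpoint}"
    if any(_dns_match(v, endpoint) for k, v in sans if k == "DNS"):
        return True, "DNS name listed in SAN"
    if endpoint.lower() in (c.lower() for c in cns):
        return False, "name appears only in the CN, not in the SAN"
    return False, f"no DNS SAN entry for {endpoint}"

# Constructed sample certificates (not taken from any real NSX-T manager).
CN = ((("commonName", "nsx01.lab.example"),),)
CERT_CN_ONLY = {"subject": CN}
CERT_DNS_ONLY = {"subject": CN, "subjectAltName": (("DNS", "nsx01.lab.example"),)}
CERT_DNS_AND_IP = {"subject": CN, "subjectAltName": (
    ("DNS", "nsx01.lab.example"), ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for name, cert in [("CN only", CERT_CN_ONLY), ("DNS SAN", CERT_DNS_ONLY),
                       ("DNS+IP SAN", CERT_DNS_AND_IP)]:
        for endpoint in ("nsx01.lab.example", "192.0.2.10"):
            print(name, endpoint, check_endpoint(cert, endpoint))
```

Under this check, a certificate whose name matches only in the common name, or an NSX-T manager registered by IP address with a DNS-only SAN, fails; both the FQDN and the IP pass only when each is listed in the SAN.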