VMware Cloud Community
cvzrx
Contributor

NSX-T manager with vCD 10.4 certificate issue

When I try to add NSX-T Managers (NSX-T v3.2) to VMware Cloud Director 10.4, I face this issue:

[Image: ca.jpg]

Any advice?


Accepted Solutions
Sreec
VMware Employee

Kindly use a signed CA certificate with SAN for all NSX managers.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered


gowatana
Leadership

Hi,


First, generate a certificate with the NSX-T Manager's FQDN in the CN and SAN.
And you will have to enter the certificate in the API.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-50C36862-A29D-48FA-8CE7-...

 

But if you are building a lab environment with a single-node NSX-T Manager,
you can use either of the following two tips.

a)
Register NSX-T Manager with short name "https://nsx-01/" on VCD.
In this case, the VCD Appliance must have search domains configured for access to the NSX-T Manager by its short name.

b)
Input the FQDN (like "nsx-01.xxx.xxx") in "Network Property → Hostname" when deploying the NSX-T Manager OVA, so the certificate CN/SAN is generated with the FQDN,
and register the NSX-T Manager with the FQDN (like "https://nsx-01.xxx.xxx/") on VCD.
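
The name matching behind tips a) and b) above, as an added example that is not part of the original post and is not VMware code. It assumes RFC 6125-style matching (SAN DNS names take precedence over the CN); `effective_names`, `diagnose`, the verdict strings and the `lab.example` domain are hypothetical names chosen for illustration.

```python
# Added example (not from the thread): why a registration URL is accepted or
# rejected, given the names in the manager's certificate.
# Assumption: the client uses RFC 6125-style matching, where SAN DNS names
# take precedence and the subject CN is consulted only if no SAN exists.
from urllib.parse import urlsplit


def effective_names(cn, sans):
    """Names a TLS client compares the URL host against."""
    names = [s for s in sans if s] or ([cn] if cn else [])
    return [n.lower().rstrip(".") for n in names]


def diagnose(url, cn, sans):
    """Return (verdict, host) for the URL entered at registration time."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    names = effective_names(cn, sans)
    if host in names:
        return "match", host
    if "." not in host and any(n.startswith(host + ".") for n in names):
        # Certificate carries the FQDN: register with the FQDN (tip b).
        return "short-name-given-cert-has-fqdn", host
    if "." in host and host.split(".")[0] in names:
        # Certificate carries only the short name: register with it (tip a).
        return "fqdn-given-cert-has-short-name", host
    return "name-not-in-certificate", host


# Constructed samples: (URL, CN, SAN list). lab.example is a placeholder domain.
SAMPLES = [
    ("https://nsx-01/", "nsx-01", ["nsx-01"]),
    ("https://nsx-01.lab.example/", "nsx-01", ["nsx-01"]),
    ("https://nsx-01/", "nsx-01.lab.example", ["nsx-01.lab.example"]),
    ("https://nsxt-01/", "nsx-01", ["nsx-01"]),
    # CN is correct but ignored because a SAN is present.
    ("https://nsx-01.lab.example/", "nsx-01.lab.example", ["mgr.lab.example"]),
]

if __name__ == "__main__":
    for url, cn, sans in SAMPLES:
        verdict, host = diagnose(url, cn, sans)
        print(f"{url:32} CN={cn:20} SAN={sans} -> {verdict}")
```

To use it against a real manager, read the CN and SAN values from the certificate the manager presents and pass them in place of the constructed samples.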

 


6 Replies
cvzrx
Contributor

Thank you for your answer.

Can you please send me an article on how to use a signed CA certificate with SAN for NSX managers?

cvzrx
Contributor

I have a nested lab.

I tried to add the short name "https://nsxt-01/", but still the same issue.

[Image: Register NSX-T Manager.jpg]

[Image: Register NSX-T Manager Cert.jpg]

So, I will try to generate a certificate with the NSX-T Manager's FQDN and inform you of the result.

gowatana
Leadership

Hi,

Checking the CN/SAN in the screenshot of the certificate,
does it succeed if you enter "nsx-01" instead of "nsxt-01"?

 

cvzrx
Contributor

The host name as an A record in DNS is (nsxt-01), so even when I used (nsx-01) it was still not accepted.

But I solved this issue by replacing the self-signed NSX-T certificates with the organization's CA-signed certificate on the NSX-T Manager and API.

 

[Image: 11.jpg]