when I try to add NSX-T Managers (NSX-Tv3.2) to VMware Cloud Director 10.4 I face this issue
Any advice?
Kindly use a signed CA certificate with SAN for all NSX managers.
Hi,
First, generate a certificate with the NSX-T Manager's FQDN in the CN and SAN.
And you will have to enter the certificate in the API.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-50C36862-A29D-48FA-8CE7-...
But, if you are building a lab environment and single-node NSX-T Manager,
you can use the following two patterns of tips.
a)
Register NSX-T Manager with short name "https://nsx-01/" on VCD.
In this case, the VCD Appliance must have search domains configured for access to the NSX-T Manager by its short name.
b)
input FQDN (like a “nsx-01.xxx.xxx”) in "Network Property → Hostname" when deploying NSX-T Manger OVA, so the certificate CN/SAN is generated with FQDN.
and register NSX-T Manager with FQDN (like a "https://nsx-01.xxx.xxx/") on VCD.
Kindly use a signed CA certificate with SAN for all NSX managers.
Thank you for your ansuer
Can you please send me an articale for how to use a signed CA certificate with SAN for NSX managers
Hi,
First, generate a certificate with the NSX-T Manager's FQDN in the CN and SAN.
And you will have to enter the certificate in the API.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-50C36862-A29D-48FA-8CE7-...
But, if you are building a lab environment and single-node NSX-T Manager,
you can use the following two patterns of tips.
a)
Register NSX-T Manager with short name "https://nsx-01/" on VCD.
In this case, the VCD Appliance must have search domains configured for access to the NSX-T Manager by its short name.
b)
input FQDN (like a “nsx-01.xxx.xxx”) in "Network Property → Hostname" when deploying NSX-T Manger OVA, so the certificate CN/SAN is generated with FQDN.
and register NSX-T Manager with FQDN (like a "https://nsx-01.xxx.xxx/") on VCD.
I have Neested Lab
I tried to add short name "https://nsxt-01/" , but still the same issue
So, I will try to generate a certificate with the NSX-T Manager's FQDN . and inform you the result
hi,
Checking the CN/SAN in the screenshot of the certificate,
does it succeed if you enter "nsxt-01" to "nsx-01" ?
the host name as A record in DNS is (nsxt-01), so even when I used (nsx-01) still not exepted.
But I solved this isuee by replace the Self Signed NSX-T certificates with organization's CA signed certificate on NSX-T Manager and API