VMware Networking Community
Mayalu
Contributor

Expired Self-signed Certs After Upgrade

After upgrading from v3.2.2 to v4.1.2, I see lots of warnings about expired self-signed certs issued to internal services such as ar, ccp, mp, monitoring, cluster-manager, and idps-reporting.  There are three warnings for each service, one for each node.  Looks like they expired a year ago, but are just now throwing warnings.  Are these legacy certs that aren't needed after the upgrade?  Can they be safely deleted?

NSX is working fine even with all the expired certs.

lukasrueckerl
Enthusiast

Hi,

Please see this handbook by luca19100 for reference: https://communities.vmware.com/t5/VMware-NSX-Documents/NSX-Certifcates-Management-Cookbook/ta-p/2992...

Since NSX-T 4.1, a lot more certificates that were previously used internally but not visible are now visible in the GUI.

These certificates are important for management and control plane connectivity.

Feel free to reach out to the support team if you need help in replacing these.

 

Regards,
Lukas

-------------------------------------------
VCIX-NV + VCIX-DCV 2023
Please mark resolved issues as such. Kudos are appreciated.