VMware NSX

  • 1.  NSX Federation Local Manager Certificate

    Posted Sep 09, 2022 06:39 PM

    Hello,

    I just did a certificate change for the VIP and NSX-T Manager nodes due to an alarm that was popping up regarding certificate expiration; everything went smoothly.

    But I still have an issue with 2 alarms that are related, as far as I understood, to the "Local Manager" certificate used for the Federation, so I tried to change it as well but had no luck, using this API call from the documentation:

    api/v1/trust-management/certificates?action=set_pi_certificate_for_federation

    and adding this to the body of the request, in JSON format I believe; nothing is clearly written in the doc:

    {
      "cert_id": "new cert id",
      "service_type": "LOCAL_MANAGER"
    }

    ----
    Response from the API:
    {
    "httpStatus": "BAD_REQUEST",
    "error_code": 2078,
    "module_name": "internal-framework",
    "error_message": "Some error has occurred."
    }


    Now I hope someone could help me understand two things:
    - how to properly change this local manager certificate
    - what happens to NSX if I leave this expired certificate used by the "local_manager" object (I believe nothing as long as I'm not using Federation, but maybe someone can shed some light on this)


    Link to the doc that I used:
    https://nsx.techzone.vmware.com/resource/nsx-t-30-operation-guide#_Toc90749

    Thanks 





  • 2.  RE: NSX Federation Local Manager Certificate

    Posted Sep 10, 2022 05:42 AM

    The alarm is now gone; the solution was using another self-signed certificate, as it is by default for LocalManager.

    Do you know if NSX-T auto-renews expired self-signed certificates?



  • 3.  RE: NSX Federation Local Manager Certificate

    Posted Sep 28, 2022 12:00 PM

    I had been running into the same issue. We could not renew or replace the LocalManager self-signed certificate. Later we found out that we can't. It has been expired for a while now. In the meantime NSX hasn't renewed it, but everything is working fine. No further issues so far.

    Btw, I need to add that we don't use federation...