VMware NSX

  • 1.  Renew the client auth self signed cert

    Posted Oct 31, 2024 09:52 PM

    NSX Version 3.2.3

    Hi, I have certs on the global managers that are self-signed, cn = global-manager, certificate category = Principal Identity Certificate, where used is "Client Auth".

    Generally we create a new cert in openssl and upload using the api and apply it using ?action=apply_certificate&service_type=

    However, I cannot get this particular type to renew; when using type "CLIENT_AUTH" I get a generic error, "error_code" 2081. I think the issue is because when I upload or create a self-signed cert they are type "platform certificate", where it needs to be a principal identity certificate.

    Any ideas how I can do this?



  • 2.  RE: Renew the client auth self signed cert

    Posted Jan 03, 2025 06:23 AM

    The error code 2081 typically indicates an issue with the certificate or the upload process. NSX-T expects the certificate to be categorized as a Principal Identity Certificate (not just a platform certificate or Client Authentication type). When creating a certificate using OpenSSL, ensure that it has the correct key usage and extended key usage fields for Client Authentication.
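
The extension check suggested in the reply above, as an added example (not from either poster or from VMware): it generates a self-signed certificate with the thread's CN and the `clientAuth` extended key usage, then verifies the extension and the expiry locally before any upload. The `digitalSignature` key usage, RSA-2048, the 825-day lifetime, and the function and file names are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: create a self-signed client-auth certificate with OpenSSL and
# verify its extensions before uploading it. Key usage, key size and lifetime
# below are assumptions, not values taken from the thread.

# make_cert <outdir> <eku>: writes <outdir>/client.key and <outdir>/client.crt.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_cert() (
    outdir=$1; eku=$2
    umask 077   # private key must not be readable by other users
    cat > "$outdir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = ext
prompt             = no
[dn]
CN = global-manager
[ext]
keyUsage         = critical,digitalSignature
extendedKeyUsage = $eku
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 825 \
        -config "$outdir/req.cnf" \
        -keyout "$outdir/client.key" -out "$outdir/client.crt" 2>/dev/null
)

# check_client_cert <crt>: returns 0 only if the certificate is unexpired
# and its Extended Key Usage extension lists client authentication.
check_client_cert() {
    crt=$1
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$crt" -noout -text |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Client Authentication'
}

# Usage (paths are placeholders):
#   mkdir -p ./pi-cert && make_cert ./pi-cert clientAuth
#   check_client_cert ./pi-cert/client.crt && echo "EKU and validity OK"
```

A certificate that passes this check carries the client-authentication fields; whether NSX files it under the Principal Identity category is a separate matter that this local check does not cover.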