After you added the new NSX Manager node to the cluster and validated the cluster status, you must restore the CA-signed SSL certificate of the node.
To view the certificate of the failed NSX Manager cluster node, you log in to the NSX Manager node for the particular domain.
- In a web browser, log in to the NSX Manager node for the domain by using the user interface (https://<nsx_manager_node_fqdn>/login.jsp?local=true)
- On the main navigation bar, click System.
- In the left pane, under Settings, click Certificates.
- Locate and copy the ID of the certificate that is issued by CA to the node that you are restoring.
- Run the command to install the CA-signed certificate on the new NSX Manager node.
curl -H 'Accept: application/json' -H 'Content-Type: application/json'\ --insecure -u 'admin:nsx-t_admin_password' -X POST\ 'https://nsx-t_host_node/api/v1/node/services\/http action=apply_certificate&certificate_id=certificate_id'
What to do next
If assigning the certificate fails because the certificate revocation list (CRL) verification fails, see https://kb.vmware.com/kb/78794. If you disable the CRL checking to assign the certificate, after assigning the certificate, you must re-enable the CRL checking.