After you added the new NSX Manager node to the cluster and validated the cluster status, you must restore the CA-signed SSL certificate of the node.

To view the certificate of the failed NSX Manager cluster node, you log in to the NSX Manager node for the particular domain.

Procedure

  1. In a web browser, log in to the NSX Manager node for the domain by using the user interface (https://<nsx_manager_node_fqdn>/login.jsp?local=true)
  2. On the main navigation bar, click System.
  3. In the left pane, under Settings, click Certificates.
  4. Locate and copy the ID of the certificate that is issued by CA to the node that you are restoring.
  5. Run the command to install the CA-signed certificate on the new NSX Manager node.
    curl -H 'Accept: application/json' -H 'Content-Type: application/json'\ --insecure -u 'admin:nsx-t_admin_password' -X POST\ 'https://nsx-t_host_node/api/v1/node/services\/http action=apply_certificate&certificate_id=certificate_id'

What to do next

Important:

If assigning the certificate fails because the certificate revocation list (CRL) verification fails, see https://kb.vmware.com/kb/78794. If you disable the CRL checking to assign the certificate, after assigning the certificate, you must re-enable the CRL checking.