The Problem
I recently replaced the self-signed NSX-ALB certificates with a CA-signed (Microsoft CA) certificate, which caused a new unanticipated issue with TKGm deployment.
The TKGm installer wizard was complaining about the certificate validity. I knew there was nothing wrong with the certificate validity on NSX ALB because it was replaced just a few hours ago. Nonetheless, I double-checked the certificate expiration date, which is set to 2024.
After some jiggling, I investigated the bootstrap machine CLI terminal, where I issued the tanzu management-cluster create command, and spotted the main problem right away.
This is the error shown in the CLI.
E0313 12:55:20.639848 1549280 avisession.go:666] Client error for URI: login. Error: Post "https://alb.vstellar.local/login": x509: certificate signed by unknown authority
Since the certificate is not signed by a public CA, the bootstrap machine has no idea about the CA server that signed this cert.