NSX Manager, Edge OVA import fails due to expired certificate
There is a
new issue affecting all NSX based OVA deployments.
From 3rd
of January 2026 onwards, deployments and redeployments of NSX Edge and Managers
will fail due to an expired certificate in the OVA.
This will
affect workflows involving new appliance deployment, such as greenfield
deployments from standalone NSX and VCF based NSX, Edge cluster expansion, NSX
appliance resizing and replacement, and restoring from backup.
Failure
will be observed when deploying from the vSphere client, OVF Tool, the NSX UI
and VCF Installer.
All NSX
releases are affected (3.x, 4.x, 9.0.x)
Resolution
/ Workaround
This is a
known issue. New Releases of NSX 4.x and NSX 9.x will include a new valid certificate.
Workaround:
In vSphere
Client you can just ignore the expired certificate and acknowledge the
warning.
For ovftool
based deployments just add the parameter –disableVerification
For VCF
9 Installer based deployments it is an option to execute the import of the
NSX Manager for the MGMT Domain manually using vSphere Client or ovftool.and retry
the failed step in the VCF installer afterwards.
For NSX
manager based ova deployments use the workarounds described below:
Update 05.01.2026:
VMware has
published KBs for the issue:
Edge/Manager
deployments via vSphere client or ovftool
https://knowledge.broadcom.com/external/article/424036
Edge deployments from NSX UI
https://knowledge.broadcom.com/external/article/424034
Manager deployments from NSX UI
https://knowledge.broadcom.com/external/article/424035
Comments
Post a Comment