Replacing a vSphere 7.x Machine SSL certificate with a Custom Certificate Authority and Integration with NSX-T
After replacing the certificate of vCenter with Custom Certificates (which includes certificate(leaf) + sub CA + root CA) then adding compute manager on NSX-T gives error " Certificate chain of Compute Manager is invalid. Please check Issuer and Subject in the chain. (Error Code: 90204)" and sync status between VC and NSX-T manager is down It is because certificate chain is invalid and Certificate chain is being duplicated in the vCenter. Resolution: Correct the order you need to follow the following chain For Machine SSL Certificate Field: It must include Certificate + subordinate CA + Root CA like this -----BEGIN CERTIFICATE----- MIIFrDCCBJSgAwIBAgITZgAAADAs1zlIBj9VFgABAAAAMDANBgkqhkiG9w0BAQsFADBjMRMwEQYKCZImiZPyLGQBGRYDY29tMRgwFgYKCZImiZPyLGQBGRYIZnB0Y2xvdWQxFjAUBgoJkiaJk/IsZAEZFgZpbnNpZGUxGjAYBgNVBAMTEUZQVENMT1VELVNVQi1DQTAxMB4XDTIxMDIyNDAyNTQyNVoXDTI0MDIyNDAyNTQyNVowKzEpMCcGA1UEAxMgc2duMDltMDF2...