Skip to main content

We just got our first 3 node Nutanix cluster (using AHV)  a couple months ago so we’re very new. I have been unable to use the Nutanix Portal setting within LCM to perform updates so I used the Dark Site option. Plus I have warnings about LDAPS but I am unable to use that setting. Both issue I think are cert related. I replaced the self signed certs in Prism Element & Prism Central following a couple Nutanix KB’s.

Do I also need to replace certs on the individual CVM’s? The Nutanix documents & KB’s don’t explicitly mention anything about certs on the CVM’s but at the same time there have been a couple documents that say not to put certs on the CVM’s because future updates could remove them. 

As far as i know, when you update the certificates on Prism Element that will also apply the certs on the CVMs. I never updated any certs directly on the CVM itself, only on Prism Element and Prism Central.
Bear in mind in older versions of Prism Central and PE (there was an issue with 4096 bit certificates, they would import but some stuff would not work) If this was your case try with a 2048 bit cert or upgrade to latest AOS/PC.
But the fact you had LCM problems indicate you have something else wrong on your environment (most likely traffic being blocked).

No. Just place the certs on pe and pc and you are good to go. The problem with lcm must be related to dns/routing/firewall. 

Terms & Conditions