VMware Cloud Foundation January 15, 2026 2 min read

VMware Cloud Foundation 9.0.1 – “The Certificate is Expired” NSX Edge Deployment

To work around this issue, follow this procedure, which involves disabling OVF validation on the NSX Managers.

Prerequisites

  • Ensure an up-to-date backup is in place and that the credentials and passphrase are known.
  • There is no impact on production when following this procedure.

OVF certificate validation failed. Error: [VALIDATION_ERROR: CERTIFICATE_EXPIRED; ]

Download the script first: get disable_ovf_validation_flag.sh from Broadcom KB article KB424034. Verify the MD5 hash if provided (MD5: 9e44c678a035bedd42f53a15626b3919).

Upload the disable_ovf_validation_flag.sh script to each NSX Manager.
After the deployment, you can re-run the enable script (enable_ovf_validation_flag.sh) if you need or want to have OVF validation enabled again.

For my lab environment, I am keeping it disabled until a fix is released or the next VCF 9.0.2 upgrade/patch addresses the issue.

Procedure

Connect to each NSX Manager via WinSCP

  • Protocol: SFTP (recommended; falls back to SCP if needed)
  • Host name: IP address or FQDN of the NSX Manager
  • Port: 22 (default)
  • Username: root (Important: the admin account won’t work for WinSCP file transfers on NSX Managers — you must use root)
  • Password: Your root password

Common gotcha: SSH Service Issues:

  • If SSH is not running, console into the NSX Managers first as admin, then run: get service ssh. If the SSH service is not running, start it with “start service ssh”. To keep SSH persistent across reboots, execute “set service ssh start-on-boot”.

Upload location – Copy the script to the /root directory on each of the three NSX Managers.

After upload (for each NSX Manager)

  • SSH in as root (or use the NSX console).
  • Run it: bash /root/disable_ovf_validation_flag.sh

Now that we have successfully executed the disable_ovf_validation_flag.sh script on all NSX Managers, it is time to re-run the NSX Edge Node deployment.

In my previous attempt (with validation enabled), the deployment process started, I saw the NSX Edge uplinks appear in vCenter Networking inventory, but no Edge nodes ever showed up in the vCenter VM inventory — the task failed early due to the certificate expiration error before the VMs could be fully created/registered.

Success!
