Login into CA Directory Management UI fails and the following errors can be found in the Management UI DSA warn log:
Component: CA Directory
The personality certificate of the Management UI DSA expired.
The expiry date can be seen in the certificates report, use this command:
dxcertgen -i "CN=GenCA,O=MgmtUI,C=AU" -D "xxxxxxxxxxx-management-ui" certs
It is also possible that monitoring DSA certificate needs to be re-generated because personality certificates for both management DSAs were likely generated at the same time. The command is similar:
dxcertgen -i "CN=GenCA,O=MonitorMgmtUI,C=AU" -D "xxxxxxxxxxx-monitoring-management-ui" certs
Please notice that we should specify different issuer in both dxcertgen commands above. If we failed to do that, Management UI won't be able to connect the Management UI DSA and apps.log shows "certificate signature failure" error. This is because the second dxcertgen execution has overwritten the CA root certificate, which was created at the 1st dxcertgen execution, in trusted.pem. This will make the Management UI DSA certificate orphan (invalid) as it doesn't have the original CA root certificate anymore.