Login into CA Directory Management UI fails and the following errors can be found in the Management UI DSA warn log:
 20200114.215504.030 WARN : Certificate 'config/ssld/personalities/xxxxxxxxxxx-management-ui.pem' is outside of validity date range
 20200114.215504.030 WARN : Unable to get certificate from 'config/ssld/personalities/xxxxxxxxxxx-management-ui.pem'
 20200114.215504.030 WARN : set_cert_stuff failed
 20200114.215504.030 WARN : Cannot get personality
 20200114.215504.030 WARN : Cannot create an SSL context
Component: CA Directory
The personality certificate of the Management UI DSA expired.
The expiry date can be seen in the certificates report, use this command:
dxcertgen -i "CN=GenCA,O=MgmtUI,C=AU" -D "xxxxxxxxxxx-management-ui" certs
It is also possible that monitoring DSA certificate needs to be re-generated because personality certificates for both management DSAs were likely generated at the same time. The command is similar:
dxcertgen -i "CN=GenCA,O=MonitorMgmtUI,C=AU" -D "xxxxxxxxxxx-monitoring-management-ui" certs
Please notice that we should specify different issuer in both dxcertgen commands above. If we failed to do that, Management UI won't be able to connect the Management UI DSA and apps.log shows "certificate signature failure" error. This is because the second dxcertgen execution has overwritten the CA root certificate, which was created at the 1st dxcertgen execution, in trusted.pem. This will make the Management UI DSA certificate orphan (invalid) as it doesn't have the original CA root certificate anymore.