We have installed a certificate on the VNA server, and now the operational status is "down"
An incorrect step was followed in the documentation, which called for deleting entries with the alias.
The following link maps to the section on having your own cert and private key, and has steps that do not apply to someone starting off with a self signed cert
The following command should not be followed in this case
Delete the existing certificates from keystore by issuing the following command:
Release : 21.2
Component : Virtual Network Assurance For CA Performance Management
Restore the backup of the keystore that was made, before deletion
Then add the root and intermediate certs, along with the server cert.
These may need to be put into the correct format, as follows
openssl x509 -inform DER -outform PEM -text -in Root.crt -out Root.pem
openssl x509 -inform DER -outform PEM -text -in Intermediate.crt -out Intermediate.pem
Then import these, along with the server cert, into the keystore
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-netops/21-2/Modern-Network-Monitoring-with-DX-Virtual-Network-Assurance/securing/enable-https-for-virtual-network-assurance.html#concept.dita_270e40b3-de8a-4d3d-9fa5-a549673f40d0_UseHTTPSwithCASignedCert