Need help on VNA Https configuration

book

Article ID: 223638

calendar_today

Updated On:

Products

CA Virtual Network Assurance

Issue/Introduction

We have installed a certificate on the VNA server, and now the operational status is "down"

 

Cause

An incorrect step was followed in the documentation, which called for deleting entries with the alias.

The following link maps to the section on having your own cert and private key, and has steps that do not apply to someone starting off with a self signed cert

The following command should not be followed in this case

Delete the existing certificates from keystore by issuing the following command:

keytool -delete -alias
<alias>
-keystore
<keystore>

 

Environment

Release : 21.2

Component : Virtual Network Assurance For CA Performance Management

Resolution

Restore the backup of the keystore that was made, before deletion

Then add the root and intermediate certs, along with the server cert.

These may need to be put into the correct format, as follows

openssl x509 -inform DER -outform PEM -text -in Root.crt -out Root.pem

openssl x509 -inform DER -outform PEM -text -in Intermediate.crt -out Intermediate.pem

Then import these, along with the server cert, into the keystore

 

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-netops/21-2/Modern-Network-Monitoring-with-DX-Virtual-Network-Assurance/securing/enable-https-for-virtual-network-assurance.html#concept.dita_270e40b3-de8a-4d3d-9fa5-a549673f40d0_UseHTTPSwithCASignedCert