Need help on VNA Https configuration


Article ID: 223638


Updated On:


CA Virtual Network Assurance


We have installed a certificate on the VNA server, and now the operational status is "down"



An incorrect step was followed in the documentation, which called for deleting entries with the alias.

The following link maps to the section on having your own cert and private key, and has steps that do not apply to someone starting off with a self signed cert

The following command should not be followed in this case

Delete the existing certificates from keystore by issuing the following command:

keytool -delete -alias



Release : 21.2

Component : Virtual Network Assurance For CA Performance Management


Restore the backup of the keystore that was made, before deletion

Then add the root and intermediate certs, along with the server cert.

These may need to be put into the correct format, as follows

openssl x509 -inform DER -outform PEM -text -in Root.crt -out Root.pem

openssl x509 -inform DER -outform PEM -text -in Intermediate.crt -out Intermediate.pem

Then import these, along with the server cert, into the keystore


Additional Information