You are experiencing a problem when running 'dxcertgen certs' command to regenerate self-signed certs for your DSAs. What you see is, the timestamp on 'trusted.pem' is being upgrade to 'current' but the content within the file remains the same that results into the newly signed DSA personalities certs still as INVALID.

Release : 14.1

Component : CA Directory

The problem could be related to some kind of permissions issue on following two files.

On Windows:
%DXHOME%\config\ssld\javakeystores\cacerts
%DXHOME%\config\ssld\javakeystores\clientcerts

On Linux:
$DXHOME/config/ssld/javakeystores\cacerts
$DXHOME/config/ssld/javakeystores\clientcerts

Resolution is:

1) Delete the above mentioned two files.
2) Re-run the 'dxcertgen certs' command which should recreate the above two files as well as new content in 'trusted.pem' along with new DSA personalities certs.