Adding or removing nodes that run the CA Directory application in Symantec Identity Suite / Virtual Appliance does not clean up old certificates in trusted.pem. This causes services to become stuck while starting during deployment.
Release: 14.4
Switch to the dsa user and list the trusted CA certificates:
su - dsa
dxcertgen listca
Once you have the list, remove the certificates that are no longer valid.
dxcertgen -r "invalidcert#" removeca
Example:
dxcertgen -r 5 removeca
Remove one certificate at a time, because the certificate numbers change after each removal.
Run 'dxcertgen listca' after each removal.
Example:
dxcertgen listca
dxcertgen -r 2 removeca
dxcertgen listca
dxcertgen -r 2 removeca
dxcertgen listca
dxcertgen -r 5 removeca
dxcertgen listca
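To confirm that each removal dropped only the intended entry, the following added example (not part of the original article or of CA Directory) compares two copies of the trusted bundle, saved before and after one 'removeca' run, by SHA-256 fingerprint. The function names, the sample data and the practice of copying the file before each removal are assumptions of the example; file paths are passed as arguments and the 'listca' numbering is not relied on.

```python
import base64
import hashlib
import re
import sys
from collections import Counter

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """SHA-256 of each certificate block's decoded bytes, in file order."""
    result = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        result.append(hashlib.sha256(der).hexdigest())
    return result


def check_removal(before_text, after_text, expected_fp):
    """Compare bundle snapshots taken before and after one removal."""
    before = Counter(fingerprints(before_text))
    after = Counter(fingerprints(after_text))
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    # ok only if exactly the expected entry vanished and nothing new appeared
    return {"removed": removed, "added": added,
            "ok": removed == [expected_fp] and not added}


def sample_block(payload):
    """Constructed stand-in for a certificate block (not a real certificate)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample data: three trusted entries, one left by a removed node.
SAMPLE_BEFORE = (sample_block(b"node-a") + sample_block(b"old-node-b")
                 + sample_block(b"node-c"))
SAMPLE_AFTER = sample_block(b"node-a") + sample_block(b"node-c")
STALE_FP = hashlib.sha256(b"old-node-b").hexdigest()

if __name__ == "__main__":
    if len(sys.argv) == 4:  # before.pem after.pem expected_sha256
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            print(check_removal(f1.read(), f2.read(), sys.argv[3].lower()))
    else:
        print(check_removal(SAMPLE_BEFORE, SAMPLE_AFTER, STALE_FP))
```

A result with "ok": False means more than one entry changed or a different certificate was removed, so stop and review the bundle before the next removal.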
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/tools-to-manage-ca-directory/dxtools/dxcertgen-tool-generate-and-work-with-certificates.html
This is planned to be fixed in 14.4.2.