This article will guide you to include the root CA from which the AD cert was issued into Log Insight. This will make it so that new certificates will be automatically accepted while accessing Log Insight using AD accounts.

• After AD certificate change, vRealize Log Insight loses the ability to login using AD accounts

The new AD certificates are not available within the keystore file.

To add your AD's certificate into vRealize Loginsight's keystore, please follow the below steps:
  

1. Using a utility such as WinSCP or FileZilla, copy the root certificate used to sign your new AD cert to all nodes in your Log Insight cluster 
2. SSH as root to vRealize Log Insight primary node.
3. Take a backup of the keystore file

4. Import the AD certificate 

keytool -import -alias <alias> -file <cert-file> -keystore cacerts -storepass changeit 

5. Repeat steps 1-3 on all other nodes in the cluster

Unable to login to Log Insight using the AD account after the AD certificate change