Add AD root certificate to Aria Operations for Logs from command line

Article ID: 315958

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • After changing the certificate used by the Active Directory server, it is no longer possible to login to Aria Operations for Logs using AD accounts.
  • The file /storage/core/loginsight/var/ui_runtime.log contains a message similar to the following:

    java.security.KeyStoreException: Failed to load default trust store

  • Running the following command from an Operations for Logs node, replacing <AD_Server_FQDN> and <AD_SSL_Port>:

    openssl s_client -showcerts -connect <AD_Server_FQDN>:<AD_SSL_Port>

    gives a response containing the following:

    verify error:num=21:unable to verify the first certificate

Environment

Aria Operations for Logs 8.18.x

Resolution

  1. Using a utility such as WinSCP or FileZilla, copy the root certificate used to sign your new AD certificate to all nodes in your Aria Operations for Logs cluster.
  2. SSH as root to the Aria Operations for Logs 8.18.x primary node.
  3. Take a backup of the keystore file:

    cp /usr/java/jre-vmware/lib/security/cacerts /usr/java/jre-vmware/lib/security/cacerts_backup

  4. Import the root AD certificate, replacing <alias> and <cert-file> (the keystore password defaults to changeit):

    keytool -import -alias <alias> -file <cert-file> -keystore /usr/java/jre-vmware/lib/security/cacerts -storepass changeit

  5. Repeat steps 2-4 (SSH, backup and import) on all other nodes in the cluster.
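The diagnosis and the import steps above combined into one script, added here as an example that is not part of this article: the cacerts path, the changeit default, the openssl check and the keytool import come from the article, while the function names, the self-signed sanity check, the timestamped backup name and the sample openssl output are assumptions.

```sh
#!/bin/sh
# Added helper (not from the KB article): classify the AD LDAPS chain check and
# import the AD root CA into the Operations for Logs JRE truststore.
set -eu

CACERTS="${CACERTS:-/usr/java/jre-vmware/lib/security/cacerts}"   # path from the article
STOREPASS="${STOREPASS:-changeit}"                                  # Java default, as in the article

# Classify openssl s_client output by its final "Verify return code" line
# (same number as the "verify error:num=" line quoted in the article).
# Prints ok / missing-issuer / error-<n>; exit status is 0 only for ok.
classify_verify() {
  code=$(printf '%s\n' "$1" | sed -n 's/^Verify return code: \([0-9]*\).*/\1/p' | tail -n 1)
  case "${code:-none}" in
    0)  echo ok; return 0 ;;
    21) echo missing-issuer; return 1 ;;   # server chain lacks the issuer: import the root CA
    *)  echo "error-${code:-none}"; return 1 ;;
  esac
}

# Run the article's openssl check against the DC and classify the result.
check_ad_chain() {   # check_ad_chain <AD_Server_FQDN> <AD_SSL_Port>
  out=$(openssl s_client -showcerts -connect "$1:$2" </dev/null 2>&1 || true)
  classify_verify "$out"
}

# Refuse anything that is not a self-signed root, back up cacerts, import, then verify.
import_ad_root() {   # import_ad_root <alias> <cert-file>
  subj=$(openssl x509 -in "$2" -noout -subject | sed 's/^subject=//')
  iss=$(openssl x509 -in "$2" -noout -issuer | sed 's/^issuer=//')
  if [ "$subj" != "$iss" ]; then
    echo "$2 is not self-signed (issuer differs from subject); import the root CA instead" >&2
    return 1
  fi
  cp -p "$CACERTS" "${CACERTS}_backup.$(date +%Y%m%d%H%M%S)"
  keytool -importcert -noprompt -trustcacerts -alias "$1" -file "$2" \
          -keystore "$CACERTS" -storepass "$STOREPASS"
  keytool -list -alias "$1" -keystore "$CACERTS" -storepass "$STOREPASS"
}

# Constructed sample of the failing openssl output (not a real capture).
SAMPLE_BAD_OUTPUT='depth=0 CN = dc01.corp.example
verify error:num=21:unable to verify the first certificate
verify return:1
---
Verify return code: 21 (unable to verify the first certificate)'

case "${1:-}" in
  check)  check_ad_chain "$2" "$3" ;;
  import) import_ad_root "$2" "$3" ;;
esac
```

Run `./adroot.sh check <AD_Server_FQDN> <AD_SSL_Port>` before and after `./adroot.sh import <alias> <cert-file>` on each node; the chain check only turns to `ok` once the root is trusted by the host running openssl, so the keytool -list output is the authoritative confirmation for the JRE truststore.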

If the truststore itself is corrupted, follow the article "How to replace a corrupted truststore in Aria Operations for Logs" instead.