The certificate configured for Aria Automation Config service/web portal needs to be replaced.

VMware Aria Automation Config 8.12.x and above

SaltStack Enterprise 6.0 and higher

1. Identify the location of the current used certificates in the RaaS configuration file /etc/raas/raas in following entries:
   

     tls_crt: /etc/pki/raas/certs/localhost.crt
     tls_key: /etc/pki/raas/certs/localhost.key

   Note: The above is an example, your certificates might be in a different location.

2. Backup the certificate and key file as found in the above configuration file

3. Obtain a renewed certificate and associated key and copy the files into the same location, giving them the same names.
   Note: Alternatively you may relocate the files elsewhere as long as the entries above point to the correct place.

4. Verify that the raas user owns these files and they have permissions 600 (or -rw------- ).
5. Verify that the raas user can access the files if parent directories have differing permissions.
6. Restart the SSE server 

   systemctl restart raas

7. Wait a few seconds, then verify that SSE is up and running. 

   systemctl status raas

8. Visit the Aria Automation Config URL in your browser to verify that the webserver is serving content. Using your browser's tools, check the details on the certificate being served to validate that it is the expected certificate with the desired expiration date.
9. If the used Certificate Authority to sign the new certificate is different to the known Certificate Authority of the connected salt-master server then also import the certificate of the used Certificate Authority to each connected salt-master server.
   e.g: Making CA certificates available to Linux command-line tools