APIs for managing SOS fail with: 

   "status": 401,
   "message": "JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."

SOS bundles generate successfully when using the CLI.

This issue can impact any chp release that upgrades commonsvcs.

The issue was originally found on vcf4411-chp.

The chp upgrade updates the secret token without restarting the sosrest service, which causes the sosrest to still refer to the older secret value for the auth token.

The issue should not reoccur in the environment after running the following command in the SDDC Manager: systemctl restart sosrest

This is fixed in vcf4501.