1. The custom cert is constructed successfully by following Configure a Certificate For Use With VMware Aria Operations.

2. Followed Manually validating custom certificate chain PEM file and confirmed all parts are valid.

3. But it shows a red underline immediately after clicking on that "BROWSE..." button and selecting the PEM file. When hovering over the red underline, the error says "Operation failed. If the error persists, contact VMware support."

4. The error below is shown in /storage/vcops/log/casa.log.* on the master node:

...Error uploading pemfile
...com.vmware.vcops.casa.exception.CasaException: validatewebservercert script not present; validateWebServerCertificateCommand=/usr/lib/vmware-casa/bin/vropsCertificateTool.py

Aria Operations 8.18.x

File permissions for /usr/lib/vmware-casa/bin/vropsCertificateTool.py are not correct, which is causing the error shown in the log.

1. Take snapshots of the nodes by following How to take a Snapshot of VMware Aria Operations.

2. Log in to all analytic nodes (primary, replica, data) as root via SSH or vSphere console.

3. Execute the following command to change the file permissions:

    chmod 550 /usr/lib/vmware-casa/bin/vropsCertificateTool.py

4. If vropsCertificateTool.py is corrupted or modified, make a copy of the file by running the following command:

   mv /usr/lib/vmware-casa/bin/vropsCertificateTool.py /usr/lib/vmware-casa/bin/vropsCertificateTool.py.original

5. Download the vropsCertificateTool.py attached at the bottom of this KB. Then use WinSCP or other untilities to copy it to /usr/lib/vmware-casa/bin on all analytic nodes. Then execute step 3 again to change the file permissions.

6. Proceed with installing the new custom cert again.