• VCF Operations for Networks (formerly Aria Operations for Networks, formerly vRealize Network Insight, vRNI) is deployed and using a certificate created during the deployment process.
• Examining the certificate reveals that it is signed by "VCF Operations Fleet Management Locker CA".
• There is no option to create a new certificate from the Fleet Management > Certificates page that would be signed by "VCF Operations Fleet Management Locker CA" (like the original certificate).
• The only option to replace this certificate from the Fleet Management > Certificates page is to import a CA signed certificate.
• While expanding the footprint (adding nodes) of the VCF Operations for Networks installation, there is an option to build a new certificate and it will be signed by "VCF Operations Fleet Management Locker CA". If a new certificate is created during this workflow, it will not be used by VCF Operations for Networks.

• VCF Operations 9.0
• VCF Operations for Networks 9.0
• Certificate signed by VCF Operations Fleet Management Locker CA" is used by VCF Operations for Networks

There is no means of replacing the certificate used by VCF Operations for Networks with a new certificate signed by "VCF Operations Fleet Management Locker CA". This functionality is not present in VCF Operations 9.0.

Follow the instructions at Managing Certificates in VMware Cloud Foundation to replace the certificate used by VCF Operations for Networks.

If a new node is added to the VCF Operations for Networks installation and the original certificate only contains the SANs (FQDN/IP) for the original nodes, it will not cause an impact to the expanded installation. The certificate used by VCF Operations for Networks can be replaced with one including the SANs(FQDN/IP) for the new node if desired.