After installing a custom SSL certificate, you receive an error when checking the status of the admin account password: FAILED: Unable to get user data. Possible Cassandra is down.

Article ID: 400422


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • After using SSH to log into the Aria Operations for Logs appliance with the root account and running /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus, you receive this error: FAILED: Unable to get user data. Possible Cassandra is down.
  • Checking the certificate settings with echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -purpose | grep 'SSL client :' returns SSL client : No

Environment

Aria Operations 8.18.x

Cause

If the clientAuth X509 v3 extended key usage is not present in the custom certificate applied to the Aria Operations for Logs user interface, the custom certificate is not used for the internal Cassandra database, which causes the error shown above.

Resolution

Create a new certificate with the clientAuth option set in the extendedKeyUsage configuration.

Note: Broadcom Support is not able to assist in creating custom certificates. To use a self-signed certificate, you can follow the steps in this article under Generate a self-signed certificate: Install a custom certificate in VMware Aria Operations for Logs 8.12 and Later
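
The following script is an added example, not part of the original article and not Broadcom's own code. It writes an OpenSSL request configuration with extendedKeyUsage set, generates a throwaway self-signed certificate from it, and applies the same -purpose check used in the Issue section so the result can be confirmed before a certificate is installed. The hostname li.example.test, the file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The CN, file names and function names are constructed.

# make_cert "<eku list>" <dir>: self-signed key.pem/cert.pem with that EKU.
make_cert() {
    eku=$1; dir=$2
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ext

[dn]
CN = li.example.test

[v3_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = $eku
subjectAltName = DNS:li.example.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
}

# client_purpose <cert.pem>: prints the line the article's check greps for.
client_purpose() {
    openssl x509 -in "$1" -noout -purpose | grep 'SSL client :'
}

# has_client_auth <cert.pem>: exit status 0 only when "SSL client : Yes".
has_client_auth() {
    client_purpose "$1" | grep -q 'SSL client : Yes'
}

# demo: reproduce the failing case next to the corrected one.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/server_only" "$tmp/both" || return 1
    make_cert "serverAuth" "$tmp/server_only"
    make_cert "serverAuth, clientAuth" "$tmp/both"
    for d in server_only both; do
        printf '%s -> %s\n' "$d" "$(client_purpose "$tmp/$d/cert.pem")"
    done
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Running the script with the argument demo prints the purpose line for a serverAuth-only certificate next to one that also carries clientAuth. has_client_auth can be pointed at any PEM certificate file as a pre-install check.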

A workaround is to temporarily disable certificate validation when logging in to the Cassandra database.

  1. Log into the Aria Operations for Logs node as root via SSH or the vSphere console
  2. Update the cqlshrc configuration file by running this command: sed -i 's/validate = true/validate = false/' /storage/core/loginsight/cidata/cassandra/config/cqlshrc
  3. Run /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus again to validate it runs without error.

Note: This setting will not persist between reboots of the Aria Operations for Logs appliance, so it is recommended to create the certificate with the clientAuth setting. 

Additional Information

You can refer to the OpenSSL documentation for further information: x509v3_config