• Fleet Manager was used to generate a CSR for a new VCF Operations custom certificate

• The CA signed certificate was imported into the Fleet Management > Certificates page in VCF Operations

• When the Replace With Imported Certificate button was pressed, the task failed

• The error message returned was

  Error Code: LCMVROPSYSTEM25016
  Import certificate for Operations failed

• Clicking Show More shows

  "error_message":"Multiple leaf certificates (Primary SSL) are found. Provide only one leaf certificate."

VCF Operations 9.0.x

The Fleet Manager did not store the entire certificate chain when the certificate was imported into Fleet Management > Certificates

Workaround

1. Log in to the VCF Operations Admin UI and click Take Cluster Offline

2. Wait for the cluster status to show offline

3. Create snapshots of all analytic nodes (primary, replica, data) in the VCF Operations cluster

4. Click the SSL Certificate button in the VCF Operations Admin UI

5. Click Install New Certificate and browse to the pem file to be applied to VCF Operations

6. Click Install

   Note: The process will take a couple of minutes and the Admin UI may change as the web services are restarted

7. Validate the new certificate has been installed by refreshing the web page and viewing the certificate with the browser's Certificate Details page

   Note: If the browser still shows the page is insecure, try opening a new in private or incognito browser session

8. Bring the VCF Operations cluster back online

9. Log in to the VCF Operations product UI and navigate to Fleet Management > Lifecyclye > VCF Management > Components and click on operations

10. Click Trigger Inventory Sync and verify the task completes successfully.

If VCF Operations was used to generate the CSR, please contact Broadcom support for assistance retrieving the private key to be included in the VCF Operations pem file.

Add a Custom Web Certificate to VCF Operations