When attempting to renew or replace the custom SSL/TLS certificate on the VCF Operations for Networks (formerly Aria Operations for Networks) Platform node.

When running the custom-cert apply command via the command-line interface (CLI), the system returns the following success message:

Successfully applied new certificate. All active UI sessions have to be restarted.

However, upon refreshing the browser or opening a new session, the UI continues to serve the old/expired certificate.

VCF Operations for Networks 6.14.x

This issue occurs when the newly generated .crt and .key files are copied to the wrong directory on the Platform node prior to running the apply command.

The custom-cert apply command specifically looks for the certificate files inside the /home/ubuntu/ directory (the default home directory for the consoleuser). If the new certificate files are uploaded to a custom or alternative directory (e.g., /sftp/Cert/new/), the command will not find them.

Instead, the command will find and successfully re-apply the old certificate files that were left behind in the /home/ubuntu/ directory from a previous renewal. Because those old files are technically valid certificate formats, the CLI returns a false "Success" message, but the UI remains unchanged.

To resolve this issue, the new certificate files must be placed in the exact directory expected by the application.

1. Connect to the VCF Operations for Networks Platform node via an SCP/SFTP client (such as WinSCP) using the consoleuser credentials.

2. Ensure you navigate specifically to the /home/ubuntu/ directory.

3. Upload the newly generated Custom CA .crt and .key files directly into /home/ubuntu/. Make sure they overwrite any older files with the same name.

4. Open an SSH session to the Platform node as consoleuser.

5. Run the apply command again: custom-cert apply

6. Wait for the success message.

7. Open a new Incognito/Private browsing window and navigate to the UI. The web server should now present the newly generated certificate.

For the complete, step-by-step official procedure on how to prepare, format, and apply custom certificates in VCF Operations for Networks, please refer to: Broadcom KB 324471: How to install a custom certificate on vRealize Network Insight / Aria Operations for Networks