VCF Operations for Networks UI shows ERR_CERT_COMMON_NAME_INVALID after custom certificate replacement

Article ID: 438884

Products

VCF Operations for Networks

Issue/Introduction

After replacing the platform certificate in VCF Operations for Networks (formerly vRealize Network Insight), the browser prevents access to the user interface. The browser displays the error message ERR_CERT_COMMON_NAME_INVALID.

Environment

VCF Operations for Networks

Cause

The generated certificate or the Certificate Signing Request (CSR) used to obtain the certificate did not have Subject Alternative Name (SAN) entries. Modern web browsers require the SAN field to include a DNS entry matching the FQDN of the platform appliance; reliance solely on the Common Name (CN) is no longer sufficient for security validation.

Resolution

To resolve this issue, a new CSR must be generated that explicitly includes the Subject Alternative Name (SAN) field.

  1. Create a configuration file for OpenSSL to use when generating the CSR. Run the following command to create an empty file:

    vim vrni_config.cfg

  2. When using vim as the editor, press the i key to enter insert mode.

  3. Paste in the following template, and edit the [req_distinguished_name] and [alt_names] sections to match your environment. The DNS entry under [alt_names] must match the FQDN of the platform appliance.

    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    [req_distinguished_name]
    C = GB
    ST = Greater London
    L = London
    O = THMB
    OU = VMware
    CN = vrni-p01-mp.thmb.local
    [v3_req]
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = vrni-mp.thmb.local

  4. When using vim as the editor, press the Esc key, then type :wq! and press Return to save the file.

  5. Then refer to the following KB for the steps to generate the key and CSR and replace the certificate:
    How to install, renew and replace a custom (CA Signed) certificate on VCF Operations for Networks
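
Before the CSR goes to the CA, and again when the signed certificate comes back, it is worth confirming that the SAN DNS entry is really there and names the FQDN typed into the browser. The shell helper below is an added example, not part of the original KB or of the product's tooling; it assumes `openssl` is on the path, and the function names and the `check_san.sh` script name are hypothetical.

```shell
#!/bin/sh
# Added example: check that a CSR or certificate lists the appliance FQDN as a
# SAN DNS entry. Function names and sample files are assumptions, not KB content.

# san_dns_names FILE KIND: print each SAN DNS name on its own line.
# KIND is "req" for a CSR or "x509" for an issued certificate (PEM).
san_dns_names() {
    openssl "$2" -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# has_san_dns FILE KIND FQDN: exit 0 only if FQDN is an exact SAN DNS entry
# (case-insensitive; wildcard entries are not expanded).
has_san_dns() {
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    san_dns_names "$1" "$2" | tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$want"
}

# make_sample_csr DIR: throwaway key and CSR built from the article's template
# values, for exercising the check only (not the KB's key/CSR procedure).
make_sample_csr() {
    cat > "$1/vrni_config.cfg" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = vrni-p01-mp.thmb.local
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = vrni-mp.thmb.local
EOF
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/sample.key" \
        -out "$1/sample.csr" -config "$1/vrni_config.cfg" 2>/dev/null
}

# Demo: run as "sh check_san.sh --demo".
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample_csr "$d" || exit 1
    for name in vrni-mp.thmb.local vrni-p01-mp.thmb.local; do
        if has_san_dns "$d/sample.csr" req "$name"; then
            echo "$name: present in SAN"
        else
            echo "$name: NOT in SAN (CN alone is ignored by browsers)"
        fi
    done
    rm -rf "$d"
fi
```

With the template values unchanged, only `vrni-mp.thmb.local` passes; the CN value `vrni-p01-mp.thmb.local` does not, so add a `DNS.n` line for every name users will browse to. For an issued certificate, call `has_san_dns cert.pem x509 <fqdn>`.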