After updating or replacing a self-signed certificate in VMware Aria Operations for Logs, the following symptoms occur:

• The web UI is inaccessible.

• The Cassandra service fails to start.

• Running nodetool-no-pass status returns an error indicating Cassandra is not running.

• The following errors are observed in /var/log/vmware/loginsight/runtime.log:

  ERROR [main] CassandraDaemon.java:900 - Exception encountered during startup org.apache.cassandra.exceptions.ConfigurationException: Failed to initialize SSL Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect Caused by: java.security.UnrecoverableKeyException: Password verification failed

Aria Operations for Logs 8.18.x

This issue occurs due to a keystore password mismatch between critical configuration files. When the certificate is updated, the password defined in the Cassandra configuration may become out of sync with the main application configuration, preventing the Cassandra daemon from authenticating and loading the SSL keystore during startup.

Prerequisites:

• Take a snapshot of the Aria Operations for Logs node(s) before proceeding.

• Ensure you have root access to the appliance via SSH.

Procedure:

1. Open the Cassandra configuration file and locate the keystore password value:

    cat /storage/core/loginsight/cidata/cassandra/config/cassandra.yaml 

   (Look for the keystore_password  fields under the server_encryption_options section).

2. Open the base configuration file

   vi /usr/lib/loginsight/application/etc/loginsight-config-base.xml

3. Find the password entry in the .xml file (Look for "<syslog-ssl-keystore-password value=" and replace it with the exact value found in the cassandra.yaml file in Step 1.

4. Restart the Aria Operations for Logs service to apply changes.

   service loginsight restart

5. Confirm the Cassandra service is running: nodetool-no-pass status and verify that the UI is now accessible via the browser.

Restart the VMware Aria Operations for Logs