Error "org.postgresql.util.PSQLException: SSL error: Could not open Hibernate Session for transaction" after certificate renewal

Article ID: 441375

Products

VMware Cloud Director

VMware Telco Cloud Infrastructure

Issue/Introduction

  • UI not loading after a custom certificate replacement operation.
  • Running the OpenSSL modulus verification command on the private key fails:
    openssl rsa -noout -modulus -in /opt/vmware/vcloud-director/etc/user.http.key | openssl md5
    Error: "unable to load Private Key"

  • The /opt/vmware/vcloud-director/logs/vcloud-container-debug.log reports database connection failures resulting from SSL errors:
    org.springframework.transaction.CannotCreateTransactionException: Could not open Hibernate Session for transaction; nested exception is org.hibernate.exception.JDBCConnectionException: Cannot open connection
    (...)
    Caused by: org.postgresql.util.PSQLException: SSL error: Could not open Hibernate Session for transaction; nested exception is org.hibernate.exception.GenericJDBCException: Cannot open connection
    (...)
    Caused by: org.postgresql.util.PSQLException: FATAL: the database system is shutting down

Environment

VCD 10.3.3

TCI 2.2

Cause

The imported private key is corrupt, protected by an incorrect passphrase, or cryptographically mismatched to the signed certificate. This invalid keystore configuration prevents the cell from successfully completing SSL handshakes with the backend PostgreSQL database, leading to persistent JDBC connection exceptions and cell initialization failure.

Resolution

  1. Revert the VCD cell to a pre-maintenance snapshot/backup to restore service immediately using the existing valid certificate.
  2. Generate a new Certificate Signing Request (CSR) and a matching private key.
  3. Submit the new CSR to the Certificate Authority (CA) for signing.
  4. Import the newly signed certificate and the matched private key into the VCD appliance.
  5. Restart the vmware-vcd service and verify UI accessibility.
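
Before step 4, the three failure modes named under Cause (corrupt key, wrong passphrase, key not matching the signed certificate) can be ruled out offline. The script below is an added example, not part of the original article or of VMware tooling; the function name and exit codes are assumptions of this example. It compares public keys with `openssl pkey` and `openssl x509` instead of only the RSA modulus, so it also covers non-RSA keys.

```shell
#!/bin/sh
# Added example: pre-import check that a private key loads and matches a certificate.
# Exit codes (constructed for this example):
#   0 = key and certificate match      1 = private key cannot be loaded
#   2 = certificate cannot be loaded   3 = key does not match certificate
check_key_cert_pair() {
    key_file=$1
    cert_file=$2
    # Optional OpenSSL passphrase source, e.g. file:/path/to/secret or env:VARNAME.
    # The default empty "pass:" stops openssl from prompting on an encrypted key.
    passin=${3:-pass:}

    # Step 1: the key must parse and decrypt. A corrupt file or a wrong
    # passphrase fails here (the "unable to load Private Key" symptom).
    key_pub=$(openssl pkey -in "$key_file" -passin "$passin" -pubout 2>/dev/null) || {
        echo "FAIL: cannot load private key: $key_file" >&2
        return 1
    }

    # Step 2: the signed certificate returned by the CA must parse.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot load certificate: $cert_file" >&2
        return 2
    }

    # Step 3: the public key derived from the private key must be the one
    # the CA signed. A mismatch means the certificate came from another CSR.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2
        return 3
    fi

    echo "OK: private key matches certificate"
    return 0
}

# Stand-alone use: sh check_pair.sh <key.pem> <cert.pem> [passin-source]
if [ "$#" -ge 2 ]; then
    check_key_cert_pair "$@"
fi
```

Run it against the new key and the CA-signed certificate on a workstation or on the cell before importing; only a result of 0 should proceed to the import and service restart.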