ECS: How to reset an SSL certificate and upload a new cert if a wrong cert is inserted
Summary: This article describes how to return to the initial certificate state that existed before a new certificate was issued.
Instructions
- Inserting a wrong or partial certificate can cause nginx to fail, which prevents the ECS UI from loading. Recovering requires resetting the certificate to the default self-signed certificate provided with ECS at install.
To verify that you have this issue, check the nginx log for an entry showing that the keystore failed to load because of a key mismatch:
Command:
# tail /opt/emc/caspian/fabric/agent/services/object/main/log/nginx/nginx.log
Example:
Setting up SSL certificates
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/opt/storageos/conf/storageos.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
- Even if nginx is working, you are not able to connect to upstream services. You get the error below when you try to use curl to access resources.
Command: (Note: you must update the Management IP address and the UI root password in the command)
# TOKEN=$(curl -i -k https://<Management IP>:4443/login -u root:<PASSWORD> | grep X-SDS-AUTH-TOKEN);echo $TOKEN
# curl -ks -H "$TOKEN" https://<Management IP>:4443/object/vdcs/vdc/list
Example:
admin@node1:~>curl -ks -H "$TOKEN" https://x.x.x.x:4443/object/vdcs/vdc/list
<?xml version="1.0" encoding="UTF-8"?>
<error>
  <code>6503</code>
  <description>Unable to connect to the service. The service is unavailable, try again later.</description>
  <details>The service is currently unavailable because a connection failed to a core component. Please contact an administrator or try again later.</details>
  <retryable>true</retryable>
</error>
To upload a new certificate, you must be able to use curl to access /vdc/keystore, but because of the issue described above, you first need to reset the key/cert pair. If you need to reset the SSL certificate in order to upload a new one, open a Service Request with Technical Support referencing this KB.
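
The "key values mismatch" and partial-certificate conditions described above can be caught offline before a certificate is uploaded. The script below is an added example, not part of the original article or of the ECS tooling; it assumes the openssl CLI is installed, and the function names and sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check that a certificate and a private key form a pair.
# Function names and file names are assumptions made for this illustration.

# Returns 0 if the key matches the certificate, 1 on mismatch,
# 2 if either file cannot be parsed (for example a partial certificate).
check_cert_key_pair() {
    ccp_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes an encrypted key fail as unreadable instead of prompting.
    ccp_key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$ccp_cert_pub" ] && [ "$ccp_cert_pub" = "$ccp_key_pub" ] || return 1
    return 0
}

# Builds constructed sample input in directory $1: a matching self-signed pair,
# an unrelated key, and a truncated copy of the certificate.
make_constructed_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$1/good.key" -out "$1/good.crt" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
    head -n 5 "$1/good.crt" > "$1/partial.crt"
}

# Runs the check over the three constructed cases and prints each return code.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_constructed_samples "$demo_dir" || { rm -rf "$demo_dir"; return 1; }
    for demo_pair in "good.crt good.key" "good.crt other.key" "partial.crt good.key"; do
        set -- $demo_pair
        demo_rc=0
        check_cert_key_pair "$demo_dir/$1" "$demo_dir/$2" || demo_rc=$?
        echo "$1 + $2 -> $demo_rc"
    done
    rm -rf "$demo_dir"
}

demo
```

Only a pair that returns 0 passes the check that nginx failed in the log excerpt above, so anything else should be corrected before upload.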