Environment
YBA version: 2.18.1.2
Issue
In Replicated environments, enabling TLS for HA requires adding the root certificate associated with YBA's TLS certificate to the Java trust store through the YBA GUI. Replicated, however, generates its own root certificate and uses it to sign the YBA certificate. Because this root certificate is not served through the browser, it is difficult to import into the Java trust store by following the documentation instructions.
Resolution
To resolve the issue, obtain the required certificate from the YBA node, located at /var/lib/replicated/secrets/ca.crt.
For TLS activation, copy this certificate from the active node and import it into the trust store of the passive YBA node, and vice versa. If multiple passive nodes exist, import each node's root certificate into the trust store on all other nodes. Importing all root certificates into the trust store on every node is a precautionary measure to avoid confusion, particularly in scenarios with numerous nodes.
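Before importing a copied ca.crt, it helps to confirm that it is the root that signed the certificate the peer node actually serves. The following is an added example, not part of the original article or the Yugabyte documentation; the host name, port 443 and the /tmp file names are assumptions.

```bash
#!/bin/sh
# Added example: check a copied Replicated root certificate before importing it.

# Print the SHA-256 fingerprint of a PEM certificate, so the copy on the
# receiving node can be compared with the original on the source node.
ca_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Save the certificate a peer YBA node serves over TLS.
# HOST and PORT are assumptions: use the address configured for HA.
fetch_served_cert() {  # usage: fetch_served_cert HOST PORT OUTFILE
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$3"
}

# Return 0 if LEAF was signed by CA, 1 if it was not, 2 if CA is unreadable.
check_ca_signs() {  # usage: check_ca_signs CA_FILE LEAF_FILE
  if ! openssl x509 -in "$1" -noout 2>/dev/null; then
    echo "not a PEM certificate: $1" >&2
    return 2
  fi
  # Point the default trust locations at nothing so only CA_FILE can anchor
  # the chain; otherwise a system-trusted root could make the check pass.
  if SSL_CERT_DIR=/nonexistent SSL_CERT_FILE=/nonexistent \
     openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo "OK: $2 chains to $1 ($(ca_fingerprint "$1"))"
    return 0
  fi
  echo "MISMATCH: $2 was not issued by $1" >&2
  return 1
}

# Typical use on the standby node (names are placeholders):
#   fetch_served_cert yba-active.example.com 443 /tmp/active-served.pem
#   check_ca_signs /tmp/active-ca.crt /tmp/active-served.pem
```

On success, the printed fingerprint should match the one computed from /var/lib/replicated/secrets/ca.crt on the node the file was copied from.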
YBA HA configuration is documented at the following link:
https://docs.yugabyte.com/preview/yugabyte-platform/administer-yugabyte-platform/high-availability/