vCenter

  • 1.  Certificate Issue

    Posted Oct 24, 2019 12:44 PM

    Hello,

    I have an issue with my certificates, especially with one of them.

    We are using vCenter 6.5 appliance. It was updated from 5.5 to 6 and 6.5.

    I have used my own certificates since 5.5.

    It all began when I tried to add the vCenter server to my Skyline appliance. I received the error message

    "Couldn't create collection task to test endpoint. -> java.lang.RuntimeException: Couldn't login the client. -> Couldn't login the client. -> Received SSO error -> The SSL certificate of STS service cannot be verified"

    So I tried to take a closer look at that. I found that there were old and expired certificates in my STS Signing Certificates. So I first replaced them with a new one as described here.

    Generate a New STS Signing Certificate on the Appliance

    After that, I was able to remove the old chain from the STS signing admin page on the vSphere Client site (not HTML5).

    But the issue remains. Also, I am not able to open the lookupservice page

    https://vcenter.local/lookupservice/mob

    It doesn't matter which account I use to log in; it looks like the password is wrong. But it definitely is not wrong. The certificate on that site is OK.

    If I try to open the older site

    https://vcenter.local:7444/lookupservice/mob

    It is using an old certificate that I thought I had removed on the STS signing page. But I am not able to log in either.

    Also, if I open the HTML5 certificate site on the web client, there is an expired certificate.

    What I had also done, but before that, was to try to replace all certificates with the certificate-manager to default (8).

    But that also did not help.

    At the moment, I do not have a clue what to do next.

    Any help is appreciated.

    Frank



  • 2.  RE: Certificate Issue

    Posted Oct 24, 2019 02:19 PM

    I've seen such issues before when a vSphere environment is migrated from 5.5.

    One option is to download the spec file of sso:sts using lstool.py, modify the cert with the machine SSL certificate, and re-register/re-import the spec back.



  • 3.  RE: Certificate Issue

    Posted Oct 24, 2019 02:51 PM

    I couldn't find any KB article around this issue. Please open an SR with GSS.
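
The first post describes ports 443 and 7444 presenting different certificates, one of them expired. The script below is an added example (not part of the thread and not VMware tooling) that pulls the leaf certificate from each endpoint without validating it, reads `notAfter` straight from the DER, and reports which endpoints are expired and whether their SHA-1 thumbprints differ. The function names are illustrative; the hostname and ports are the ones from the post.

```python
import hashlib, socket, ssl, sys
from datetime import datetime, timezone

def fetch_der(host, port, timeout=5):
    """Return the leaf certificate (DER) a TLS endpoint presents, without validating it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: expired certs must still be retrievable
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Extract notAfter from an X.509 certificate as an aware UTC datetime."""
    _, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version field
        pos = end
    for _skip in range(3):              # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)      # validity SEQUENCE
    _, _, pos = read_tlv(der, pos)      # skip notBefore
    tag, start, end = read_tlv(der, pos)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                     # UTCTime has a 2-digit year (RFC 5280: >=50 means 19xx)
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit(certs, now=None):
    """certs: {label: DER}. Return (rows, expired labels, True if thumbprints differ)."""
    now = now or datetime.now(timezone.utc)
    rows = {k: (hashlib.sha1(d).hexdigest().upper(), not_after(d)) for k, d in certs.items()}
    expired = sorted(k for k, (_, exp) in rows.items() if exp < now)
    return rows, expired, len({fp for fp, _ in rows.values()}) > 1

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "vcenter.local"  # hostname from the post
    rows, expired, differ = audit({p: fetch_der(host, p) for p in (443, 7444)})
    for port, (fp, exp) in rows.items():
        print(f"{host}:{port}  sha1={fp}  notAfter={exp:%Y-%m-%d}")
    print("expired:", expired or "none", "| endpoints present different certs:", differ)
```

Certificate validation is disabled only so that expired or untrusted certificates can still be retrieved for inspection; the SHA-1 digest is used purely as an identifier for comparison.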