Hi msripada,
Thank you - Its exactly what I expected to be honest, as its usual to lose some existing functionality in a new vSphere release; I guess the need to get new features working is a higher priority than porting existing rarely used features into the HTML5 client. #frustrating
For anyone following the "Generate a New STS Signing Certificate on the Appliance" procedure mentioned in Managing Security Token Service be cautious with step 6.
My vCenter 7.0 server's VMCA is configured as a subordinate to my enterprise PKI (Root CA & Inter CA), but the file /etc/vmware-sso/keys/ssoserverRoot.crt was the old self-signed root CA generated during the vCenter Server install.
I broke my vCenter Server the first time (vpxd service failed to start on boot) as I did not notice this. :-(
I reverted my vCenter Server snapshot, backed up the 3 certs in the /etc/vmware-sso/keys/ directory, replaced the default ssoserverRoot.crt cert with my Ent PKI Root CA certificate.
For completeness, I also replaced the machine.crt and ssoserver.crt file (they are identical) with the MACHINE_SSL certificate chain from the VECS Machine SSL cert store:
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT > /etc/vmware-sso/keys/machine.crt
cp /etc/vmware-sso/keys/machine.crt /etc/vmware-sso/keys/ssoserver.crt
I ran the remainder of the procedure (Refresh the Security Token Service Certificate) and vCenter Server boots just fine.
Cheers
Martin