VMware vSphere

I have two vCenters in ELM. The ESXi hosts are showing certificate expiration warnings. We noticed that the STS signing certificates will expire in 25 days. Also, the Trusted Root Certificates store contains four certificates, and two of them are about to expire in 25 days. These include VMCA and Trusted Root certificates.

How can I renew those certificates? We use SSL certificates only from our internal CA, while the STS and VMCA certificates are issued by the vCenters.

Hi azuser,

You have not detailed your versions of vCenter you are running, some certificate steps have changed overtime. Below is links that should get you out of trouble.

This is a general Certificate article for renewing/regenerating VMCA certificates, some steps will assist you, it also link off to other certificate articles you may find useful including the STS renewal: https://knowledge.broadcom.com/external/article/318767

For STS certificate expiry: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/refresh-an-sts-certificate-using-the-vsphere-client.html