vCenter

 View Only
  • 1.  STS Signing Certificates are about to expire - vCenter 7

    Posted Apr 26, 2022 03:41 PM

     

    Environment:

    ESXI 6.5, vCenter  7.0.1

     

    Hello Experts, 

    I need your help on two certificate issues. 

    1.  I received alert on vCenter "STS Signing Certificates are about to expire"

    So I tried to follow below, but there's no STS signing certificate, but only Machine and CA certificates. 

     I have no issue signing into vCenter. Any idea? 

    "STS Signing Certificates are about to expire" alert received in vSphere UI (83558) https://kb.vmware.com/s/article/83558?lang=en_US

    certs

    I ran checksts.py and shows it will expire in 78 days. I am not sure if I need to run fixsts.py because the cert doesn't show in GUI at all. ..

     

    b.png

     

    2. Machine cert is about to expire.

    When machine cert expires, what's the impact? 

    How do I renew before it expires? will the steps to renew need to be in maintenance window?

     

    Thank you in advance



  • 2.  RE: STS Signing Certificates are about to expire - vCenter 7

    Posted Apr 26, 2022 08:50 PM

    Hello, 

    I was able to update STS and Machine certificates. 

    Then, I listed all certificates in vCenter and see multiple certificates expiring on 2022. Are they not being used or need to renew as well? If yes, how do I update them?

     

    2022-04-26 15_45_42-mRemoteNG - confCons.xml - vCenter`.png



  • 3.  RE: STS Signing Certificates are about to expire - vCenter 7

    Posted Apr 28, 2022 04:47 AM

    You will have to use option 6 to reset solution user certificates. 

    Expiry on back-up store can be ignored or if you want to clean-up follow https://kb.vmware.com/s/article/82560



  • 4.  RE: STS Signing Certificates are about to expire - vCenter 7

    Posted Mar 21, 2023 02:53 AM

    Instead of option 6 , I believe fixsts script should be use to generate new STS certificate.

    Ref : https://kb.vmware.com/s/article/79263



  • 5.  RE: STS Signing Certificates are about to expire - vCenter 7

    Broadcom Employee
    Posted Apr 29, 2022 07:23 AM

    STS HTML UI administration started with 7.0 U3 only. 

     

    This KB is for sts replacement https://kb.vmware.com/s/article/76719  . But it does have inputs for other certs.

    Ajay1988_0-1651216978612.png

     



  • 6.  RE: STS Signing Certificates are about to expire - vCenter 7

    Posted Mar 21, 2023 03:17 AM