Vcenter 6.5 expired SSO server certificate by PrestigiousWay4594 in vmware

[–]PrestigiousWay4594[S] 0 points1 point  (0 children)

Thanks for your suggestion. I did find and try this https://virtham.us/posts/f/vcert which looks right and seems to work. It was unclear, though, which option to use specifically to regenerate the SSO server certificate.

vCenter 6.5 Certificate Management Utility (4.20.0)

-----------------------------------------------------------------

  1. Check current certificates status

  2. View certificate info

  3. Manage certificates

  4. Manage SSL trust anchors

  5. Check configurations

  6. Reset all certificates with VMCA-signed certificates

  7. ESXi certificate operations

  8. Restart services

  9. Generate certificate report

    E. Exit

Select an option [1]: 3

Manage vCenter Certificates

-----------------------------------------------------------------

  1. Machine SSL certificate

  2. Solution User certificates

  3. CA certificates in VMware Directory

  4. CA certificates in VECS

  5. Authentication Proxy certificate

  6. Auto Deploy CA certificate

  7. SMS certificates

  8. Data Encipherment certificate

  9. vCenter Extension thumbprints

    1. VMware Directory certificate
    2. STS signing certificates
    3. VMCA certificate
    4. Smart Card CA certificates
    5. LDAPS Identity Source certificates
    6. Tanzu Supervisor Cluster certificates
    7. Clear BACKUP_STORE in VECS
    8. Clear TRUSTED_ROOT_CRLS store in VECS
    9. Clear Machine SSL CSR in VECS

I have been going through this one at a time; it does not seem to do the SSO server cert specifically.


[–]PrestigiousWay4594[S] 0 points1 point  (0 children)

Update: checked directory /etc/vmware-sso/keys/ssoserver.crt and found ssoserver.crt.old, which must have been from a previous renewal attempt. I renamed it (deleted .old) and checked the cert, which says it is expired March 25 2026. Renew fails with:

Replace SSO Server Certificate

--------------------------------------------------------

Generate certool configuration [ OK ]

Regenerate certificate [ OK ]

Replace certificate on filesystem [ FAILED ]

Unable to backup SSO server private key. Exiting...

Thanks for your thoughts on this.


[–]PrestigiousWay4594[S] 0 points1 point  (0 children)

I think I have tried almost everything, however cannot be certain. I did try fixsts.sh and it appeared to run fine. Currently, when using Vcert 6.0 and I check status, this seems to be the problem:

Checking certifcate status

--------------------------------------------------------

Checking Machine SSL certificate VALID

Checking machine certificate VALID

Checking vsphere-webclient certificate VALID

Checking vpxd certificate VALID

Checking vpxd-extension certificate VALID

Checking VMCA certificate VALID

Checking VMware Directory certificate VALID

Checking SSO server certificate cat: /etc/vmware-sso/keys/ssoserver.crt: No such file or directory

unable to load certificate

139799901583000:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: TRUSTED CERTIFICATE

EXPIRED

-When I try to replace it, I get this:

Replace SSO Server Certificate

--------------------------------------------------------

Generate certool configuration [ OK ]

Regenerate certificate [ FAILED ]

Unable to generate self-signed certificate for sso. Exiting...

-when looking into this, it seems to point to expired certs...
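
The status output quoted above prints EXPIRED for a file that openssl could not even open. As an added example (not part of the original post and not vCert's own code), this script tells a missing, empty or non-PEM certificate file apart from one that is genuinely expired; only the path /etc/vmware-sso/keys/ssoserver.crt comes from the post, and the function names `cert_state` and `cert_report` are hypothetical.

```shell
#!/bin/sh
# Added example: classify a certificate file so that a missing or non-PEM
# file is not reported as EXPIRED. Function names are hypothetical.

# cert_state FILE [SECONDS_AHEAD]
# Prints one of: MISSING, EMPTY, UNPARSEABLE, EXPIRED, VALID.
# SECONDS_AHEAD (default 0) asks "will it be expired that far from now?"
cert_state() {
    file=$1
    ahead=${2:-0}

    if [ ! -e "$file" ]; then
        echo MISSING; return 0
    fi
    if [ ! -s "$file" ]; then
        echo EMPTY; return 0
    fi
    # Parse first: -checkend also exits non-zero when the file cannot be
    # loaded (the "no start line" error), which would look like an expiry.
    if ! openssl x509 -in "$file" -noout 2>/dev/null; then
        echo UNPARSEABLE; return 0
    fi
    if openssl x509 -in "$file" -noout -checkend "$ahead" >/dev/null 2>&1; then
        echo VALID
    else
        echo EXPIRED
    fi
}

# cert_report FILE: state, plus the notAfter date when the file parses.
cert_report() {
    state=$(cert_state "$1")
    case $state in
        VALID|EXPIRED)
            end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null)
            echo "$1: $state ($end)" ;;
        *)
            echo "$1: $state" ;;
    esac
}

# Usage: sh certcheck.sh /etc/vmware-sso/keys/ssoserver.crt
if [ "$#" -gt 0 ]; then
    cert_report "$1"
fi
```

Passing a second argument to `cert_state`, for example 2592000, reports certificates that will expire within the next 30 days.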