Hello,
I have an issue with my certificates, especially with one of them.
We are using a vCenter 6.5 appliance. It was updated from 5.5 to 6 and 6.5.
I have used my own certificates since 5.5.
It all began when I tried to add the vCenter server to my Skyline appliance. I receive the error message
"Couldn't create collection task to test endpoint. -> java.lang.RuntimeException: Couldn't login the client. -> Couldn't login the client. -> Received SSO error -> The SSL certificate of STS service cannot be verified"
So I tried to take a closer look into that. I found that there were old and expired certificates in my STS Signing Certificates. So I first replaced them with a new one, as described here:
Generate a New STS Signing Certificate on the Appliance
After that, I was able to remove the old chain from the STS signing admin page on the vsphere-client site (not HTML5).
But the issue remains. Also, I am not able to open the lookupservice page
https://vcenter.local/lookupservice/mob
It doesn't matter which account I use to log in, it looks like the password is wrong. But it definitely is not wrong. The certificate on that site is OK.
If I try to open the older site
https://vcenter.local:7444/lookupservice/mob
It is using an old certificate that I thought I had removed on the STS signing page. But I am not able to log in either.
Also, if I open the HTML5 certificate site on the web client, there is an expired certificate.
What I also did, before that, was to try to replace all certificates with the certificate-manager to default (8).
But that also did not help.
At the moment, I do not have a clue what to do next.
Any help is appreciated.
Frank
I've seen such issues before when a vSphere environment is migrated from 5.5.
One option is to download the spec file of sso:sts using lstool.py, modify the cert with machine ssl and re-register/re-import the spec back.
I couldn't find any KB article around this issue. Please open an SR with GSS.