We are receiving a message on all of our linked vCenter servers (6.7 Update 3) that "STS Signing Certificates are about to Expire". How do we go about renewing these certificates? VMware's documentation references renewing using the flash (Flex) web client, but end of life for adobe flash player was December 31st and no longer able to launch the Flex vCenter web client...
Hi @pasalott ,
Please run 'fixsts' to regenerate these certificates.
vCSA --> https://kb.vmware.com/s/article/76719
vC Windows --> https://kb.vmware.com/s/article/79263
To access vCenter via flex client, you can try the browser workarounds provided by William here-> Adobe flash EOL
Hope that helps.
Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem
Hi @pasalott ,
Please run 'fixsts' to regenerate these certificates.
vCSA --> https://kb.vmware.com/s/article/76719
vC Windows --> https://kb.vmware.com/s/article/79263
To access vCenter via flex client, you can try the browser workarounds provided by William here-> Adobe flash EOL
Hope that helps.
Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem
Thanks .@ashilkrishnan
One more question, the article you linked for vCSA mentions that the script should only be run once per SSO domain. We have five vCenter servers in linked mode, each with an embedded PSC. The STS certs need to be renewed on all five vCenter appliances. Do we need to run "fixsts" on all five of the linked vCenter appliances?
If these are in linked mode, you just have to run it on any one of the vCs. Please refer the note under impact/risks.
As these vCs are in linked mode, I would suggest powering down all 5 vCs and take a powered off snapshot. Once the snapshot is taken for these vCs, you can power them back on and ensure all services are running on all 5 vCs before running fixsts.