pasalott
Enthusiast
Enthusiast

vCenter 6.7 Update 3 Message - "STS Signing Certificates are about to Expire"

Jump to solution

We are receiving a message on all of our linked vCenter servers (6.7 Update 3) that "STS Signing Certificates are about to Expire".  How do we go about renewing these certificates?  VMware's documentation references renewing using the flash (Flex) web client, but end of life for adobe flash player was December 31st and no longer able to launch the Flex vCenter web client...

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-62981EA9-FEDD-4803-9CB6-29552F...

 

0 Kudos
1 Solution

Accepted Solutions
ashilkrishnan
VMware Employee
VMware Employee

Hi @pasalott ,

Please run 'fixsts' to regenerate these certificates.

vCSA --> https://kb.vmware.com/s/article/76719 

vC Windows --> https://kb.vmware.com/s/article/79263 

To access vCenter via flex client, you can try the browser workarounds provided by William here-> Adobe flash EOL 

Hope that helps.

Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem

View solution in original post

3 Replies
ashilkrishnan
VMware Employee
VMware Employee

Hi @pasalott ,

Please run 'fixsts' to regenerate these certificates.

vCSA --> https://kb.vmware.com/s/article/76719 

vC Windows --> https://kb.vmware.com/s/article/79263 

To access vCenter via flex client, you can try the browser workarounds provided by William here-> Adobe flash EOL 

Hope that helps.

Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem

pasalott
Enthusiast
Enthusiast

Thanks .@ashilkrishnan

One more question, the article you linked for vCSA mentions that the script should only be run once per SSO domain.  We have five vCenter servers in linked mode, each with an embedded PSC.  The STS certs need to be renewed on all five vCenter appliances.  Do we need to run "fixsts" on all five of the linked vCenter appliances?

 

 

0 Kudos
ashilkrishnan
VMware Employee
VMware Employee

@pasalott ,

If these are in linked mode, you just have to run it on any one of the vCs. Please refer the note under impact/risks.

As these vCs are in linked mode, I would suggest powering down all 5 vCs and take a powered off snapshot. Once the snapshot is taken for these vCs, you can power them back on and ensure all services are running on all 5 vCs before  running fixsts.

0 Kudos