My problem is  import root-trust-jks success，but serivce-control --start --all  is fail, Please tell me the operation step 1. 2 .3 ... thanks

My  vm is  vcsa 6.0,

Unfortunately, after importing the new STS certificate, some vCenter service still failed to start.

Any more suggestion?

Which service failed to start? Could you please share the logs of that specific service?

Could you please run the next commands and show the output?

C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli store list

C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli entry list --store TRUSTED_ROOTS --text | more

C:\Users\Administrator>"C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli"

store list

MACHINE_SSL_CERT

TRUSTED_ROOTS

TRUSTED_ROOT_CRLS

machine

vsphere-webclient

vpxd

vpxd-extension

SMS

BACKUP_STORE

C:\Users\Administrator>

C:\Users\Administrator>"C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli"

entry list --store TRUSTED_ROOTS --text

Number of entries in store :    2

Alias : a727c0f89ce6a6c025da7fe4d80c1438c70e1aa7

Entry type :    Trusted Cert

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            f8:85:f4:9b:ec:9a:18:e8

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=scxt-vCenter

, OU=VMware

        Validity

            Not Before: Sep 23 01:34:42 2018 GMT

            Not After : Sep 20 01:34:42 2028 GMT

        Subject: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=scxt-vCente

r, OU=VMware

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:a4:b3:66:80:4b:ae:54:d2:e2:d9:47:1a:4d:e2:

                    39:30:b5:24:1f:a9:bf:8d:ff:f9:d1:45:f3:80:a2:

                    50:4d:c4:c4:c1:a6:64:9e:83:a3:78:97:35:f4:cf:

                    0a:36:32:e3:da:4f:ef:f8:7f:6a:df:2c:69:a1:39:

                    39:ed:51:ec:55:2f:0c:03:4a:1d:8c:f7:07:65:ee:

                    ee:b3:69:57:50:eb:f9:b2:5a:3a:17:5c:3b:4d:68:

                    41:00:37:f6:2b:87:35:a6:86:55:62:88:d3:6a:c1:

                    76:ac:17:34:87:18:3d:0d:f9:a2:50:26:22:b9:76:

                    b0:f3:ff:63:29:a7:8e:84:91:f5:86:44:8f:03:72:

                    7a:2a:ea:d1:68:ed:83:2d:5c:e1:48:1c:46:47:ab:

                    7f:a4:43:99:3b:29:e3:6c:8a:fe:6b:26:9a:3e:80:

                    93:8b:86:ad:66:21:f2:03:fb:18:79:1c:95:7d:7a:

                    6b:cd:d7:c6:5f:b8:cc:f4:6d:61:f8:9b:a6:08:de:

                    34:84:0b:d3:ec:b1:0b:0d:bd:37:26:76:07:64:d4:

                    cf:be:f1:8c:31:17:fa:3f:8b:2f:ba:90:6a:0f:ca:

                    6d:52:12:4d:eb:24:ed:b3:55:64:79:9a:12:e2:0d:

                    a9:31:77:35:76:ee:b5:84:28:4c:e0:c7:0a:18:fe:

                    34:55

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Subject Key Identifier:

                B8:FF:79:34:6C:A8:33:D7:F0:8D:B0:EE:9C:7D:E9:23:9E:A0:A7:96

            X509v3 Subject Alternative Name:

                email:email@acme.com, IP Address:127.0.0.1

            X509v3 Key Usage: critical

                Certificate Sign, CRL Sign

            X509v3 Basic Constraints: critical

                CA:TRUE, pathlen:0

    Signature Algorithm: sha256WithRSAEncryption

         3d:6d:c0:32:62:38:b1:a1:df:0b:51:bc:57:48:74:1a:c7:d1:

         92:0d:2f:34:6f:92:fc:69:cd:83:04:c9:af:43:56:d3:3a:25:

         c6:a9:44:ef:a4:11:8a:bd:ea:03:72:77:c2:cf:d4:c8:0f:81:

         f1:32:89:63:d8:30:cb:30:ca:5b:0b:e1:de:4f:e5:a4:2b:22:

         e0:d8:80:34:ae:94:a7:e2:ac:e1:5d:f5:7d:1b:fe:24:f2:f0:

         07:ba:73:bc:a1:b1:12:4b:df:e1:2c:04:9a:52:80:56:f5:9c:

         cd:e2:f2:2b:9b:58:8a:59:ba:46:bd:5e:72:37:a3:b2:59:e4:

         bf:19:df:7b:97:be:bf:ed:e1:f6:4f:d1:f8:96:8d:f2:9b:cd:

         b0:e6:d5:e2:cb:a0:c4:2b:e9:52:01:7c:9a:21:d3:2b:64:6b:

         9e:b6:60:c3:e3:ab:2c:be:3d:b5:2f:34:cd:e9:3a:62:34:49:

         cf:65:9c:7a:22:4f:92:ca:73:84:8e:33:3e:d9:61:e2:96:06:

         65:2a:02:69:30:1d:91:1c:6d:1d:61:6e:ee:8c:c5:05:3a:f6:

         d1:83:2e:83:44:d4:27:71:ec:aa:50:79:e3:01:f2:b2:5e:12:

         72:c3:e2:a6:1a:ff:53:cc:d3:90:11:0d:10:00:60:32:a2:a6:

         d7:80:9a:79

Alias : b3593d43b874601976e6e53b6080af9bdfaabc40

Entry type :    Trusted Cert

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            d6:d5:68:99:49:c7:94:f6

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: CN=new_VMCA, DC=vsphere, DC=local, C=CN, ST=Zhejiang, O=scxt-vCe

nter, OU=xxzx

        Validity

            Not Before: Oct 11 06:10:49 2020 GMT

            Not After : Oct  9 06:10:49 2030 GMT

        Subject: CN=new_VMCA, DC=vsphere, DC=local, C=CN, ST=Zhejiang, O=scxt-vC

enter, OU=xxzx

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:d7:cb:a0:eb:7c:f3:c9:50:0b:df:e9:b8:fd:9c:

                    24:e2:8a:d2:b8:f5:94:92:a2:79:93:9f:2b:53:8f:

                    cd:6d:1a:a4:c2:05:51:79:80:88:ca:ae:36:55:7f:

                    80:e7:6c:2d:e5:9a:c8:17:47:0f:a3:26:4d:3b:56:

                    66:98:58:ad:dc:37:a3:fb:06:eb:7c:67:d1:39:da:

                    0e:78:8b:6d:45:ef:0c:05:0f:7d:e7:0a:38:26:3d:

                    b1:a8:d2:e4:d3:b3:62:12:3c:cc:ed:e3:b0:05:0c:

                    40:29:19:e7:46:ef:6e:c9:1a:47:df:f4:da:a6:aa:

                    ed:ed:a5:d2:f6:23:ff:d7:00:ed:6f:c9:c9:e7:97:

                    b1:93:97:06:4c:fb:1e:ac:a0:54:66:03:d9:77:40:

                    d6:49:c7:73:88:5c:d8:5f:e1:cf:c5:2e:a0:03:16:

                    fe:a9:5b:59:20:98:55:0b:38:4d:2c:46:a5:b7:45:

                    9f:96:40:19:07:a7:b3:61:cc:81:33:28:bb:aa:0b:

                    0c:ee:ae:48:3e:a1:9b:fb:73:96:78:2a:d4:fd:3b:

                    0b:c7:e0:58:29:e7:5c:c7:f4:dd:51:fc:50:32:7b:

                    1a:16:fa:53:f6:55:99:22:87:58:ad:c1:09:52:62:

                    92:68:e2:58:b3:b3:64:93:e5:cf:03:1f:df:e2:d5:

                    50:41

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Subject Key Identifier:

                E5:01:88:15:E7:44:39:9D:BD:B4:D8:29:36:20:B8:5B:F4:A8:AF:45

            X509v3 Subject Alternative Name:

                IP Address:10.44.221.29

            X509v3 Key Usage: critical

                Certificate Sign, CRL Sign

            X509v3 Basic Constraints: critical

                CA:TRUE, pathlen:0

    Signature Algorithm: sha256WithRSAEncryption

         2f:ac:dd:61:f9:e6:1f:c2:38:61:ea:b9:86:da:f4:67:9c:b2:

         ce:07:1d:4a:d9:77:53:df:82:bd:b9:75:8e:10:e5:ca:8b:eb:

         72:7a:d0:c5:e5:f9:b5:94:7d:42:f5:09:7c:a8:f2:74:04:0f:

         d4:67:28:c4:0a:2b:e6:60:a6:99:3a:b7:b5:aa:02:47:41:3f:

         2f:34:e9:42:eb:dc:a1:be:78:18:8f:ef:f0:d9:c3:ba:83:a6:

         8a:35:91:26:b9:62:1e:ac:bf:02:74:cc:21:7e:70:d3:bd:6b:

         41:a8:a5:cf:09:f9:99:00:1a:3e:04:c0:33:d4:b3:62:1e:46:

         82:a3:4a:6d:64:24:16:bf:af:d6:0e:19:6f:98:36:10:6c:62:

         5e:88:dc:ae:8e:ac:d3:d3:e1:80:05:bc:49:f9:00:df:2f:f9:

         05:85:e9:b7:0d:49:2c:c3:54:9b:1b:32:67:41:7b:79:8b:18:

         92:ab:44:ce:91:e0:1e:a1:1a:91:46:92:08:e9:59:04:57:be:

         b4:9b:55:b1:74:d5:bc:29:90:34:b5:aa:7c:8a:7c:cc:4e:f8:

         85:54:0a:6a:ae:70:f3:89:17:0c:a0:f9:30:6b:81:c2:ef:d4:

         76:78:e3:dd:f7:39:ba:7f:13:7c:e6:2e:3f:8d:cc:4e:7d:12:

         94:83:11:0f

C:\Users\Administrator>

I can see that your certificate is on the TRUSTED_ROOT store, could you please confirm me if when you followed this procedure did you edited the certool.cfg: Generate a New STS Signing Certificate on a vCenter Windows Installation

I am asking this because you are using the default values:

X509v3 Subject Alternative Name:

email:email@acme.com, IP Address:127.0.0.1

Or are these values from the old certficate?

Hi,

These values are from the old certificate.

You can see the new values below.

Hi,

Please try to run the next:

C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli entry create --store TRUSTED_ROOTS --cert FULL_PATH_OF_CERT --key FULL_PATH_OF_KEY

For the path please use the same that is in your folder, what is going to do is adding this .cer in the TRUSTED_ROOT store. I do not think you will need to delete the old certificate but in case needed please take a Snapshot first and run:

C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli entry delete a727c0f89ce6a6c025da7fe4d80c1438c70e1aa7

That number is the ALIAS of your expired certificate with is showing error in the vCenter Inventory Service log.

The service still failed to start after above steps.

2020-10-14T23:30:54.288+08:00 [WrapperListener_start_runner  ERROR com.vmware.cis.lotus.LdapUtils  opId=] Certificate not trusted; [sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed]

Trust store: [

Alias: b3593d43b874601976e6e53b6080af9bdfaabc40

[

[

  Version: V3

Subject: OU=xxzx, O=scxt-vCenter, ST=Zhejiang, C=CN, DC=local, DC=vsphere, CN=new_VMCA

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits

  modulus: 27241648569484498837900051963413869326381690925745518521077884288673072636721442422571676457365155784802453142519946796422834042188793823736228045052642123988164868866521934418455232242316893081753174658959135387827206651775908015963306182506696220577380995259725648771121523991110081072554810079389232117057536605701793894541614845783421207535137290905066954134400884184450625141446061854762812678998232738690734601302242314245665242538855041715696201767122662151526547847543425707984234415425670922737850872863651509935208553688831934099255700355949386371983059260142740723205019609013097469198841171233378288357441

  public exponent: 65537

  Validity: [From: Sun Oct 11 14:10:49 CST 2020,

               To: Wed Oct 09 14:10:49 CST 2030]

  Issuer: OU=xxzx, O=scxt-vCenter, ST=Zhejiang, C=CN, DC=local, DC=vsphere, CN=new_VMCA

  SerialNumber: [    d6d56899 49c794f6]

Certificate Extensions: 4

[1]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:0

]

[2]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[3]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  IPAddress: 10.44.221.29

]

[4]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: E5 01 88 15 E7 44 39 9D   BD B4 D8 29 36 20 B8 5B  .....D9....)6 .[

0010: F4 A8 AF 45                                        ...E

]

]

]

  Algorithm: [SHA256withRSA]

  Signature:

0000: 2F AC DD 61 F9 E6 1F C2   38 61 EA B9 86 DA F4 67  /..a....8a.....g

0010: 9C B2 CE 07 1D 4A D9 77   53 DF 82 BD B9 75 8E 10  .....J.wS....u..

0020: E5 CA 8B EB 72 7A D0 C5   E5 F9 B5 94 7D 42 F5 09  ....rz.......B..

0030: 7C A8 F2 74 04 0F D4 67   28 C4 0A 2B E6 60 A6 99  ...t...g(..+.`..

0040: 3A B7 B5 AA 02 47 41 3F   2F 34 E9 42 EB DC A1 BE  :....GA?/4.B....

0050: 78 18 8F EF F0 D9 C3 BA   83 A6 8A 35 91 26 B9 62  x..........5.&.b

0060: 1E AC BF 02 74 CC 21 7E   70 D3 BD 6B 41 A8 A5 CF  ....t.!.p..kA...

0070: 09 F9 99 00 1A 3E 04 C0   33 D4 B3 62 1E 46 82 A3  .....>..3..b.F..

0080: 4A 6D 64 24 16 BF AF D6   0E 19 6F 98 36 10 6C 62  Jmd$......o.6.lb

0090: 5E 88 DC AE 8E AC D3 D3   E1 80 05 BC 49 F9 00 DF  ^...........I...

00A0: 2F F9 05 85 E9 B7 0D 49   2C C3 54 9B 1B 32 67 41  /......I,.T..2gA

00B0: 7B 79 8B 18 92 AB 44 CE   91 E0 1E A1 1A 91 46 92  .y....D.......F.

00C0: 08 E9 59 04 57 BE B4 9B   55 B1 74 D5 BC 29 90 34  ..Y.W...U.t..).4

00D0: B5 AA 7C 8A 7C CC 4E F8   85 54 0A 6A AE 70 F3 89  ......N..T.j.p..

00E0: 17 0C A0 F9 30 6B 81 C2   EF D4 76 78 E3 DD F7 39  ....0k....vx...9

00F0: BA 7F 13 7C E6 2E 3F 8D   CC 4E 7D 12 94 83 11 0F  ......?..N......

]

Alias: 333f1f516dea247c4f4d4e13933ea2ef629054bf

[

[

  Version: V3

  Subject: OU=scxt, O=hzliqun, L=Palo Alto, ST=Zhejiang, C=US, CN=STS

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits

  modulus: 25110676015509052887696271047954770133478087168079486792130367974126612029808125819934644731038396649744615973806883339682876430659220298607816574702302956456044574610028521735323231209004321922997383984596087886465702050430908257257275932944338216847145245986631769350119017786517265401377410380402156831012356973390701306567350674467745428248493117629671957856105517635138042571784721512184060958105090336070501439111341363017247382166345487772806891785871076093378647317093439196626653975375716124878679491296110052827397150719084822756330025054979256364849700603760286096587852264183273066249452941972971629577417

  public exponent: 65537

  Validity: [From: Tue Sep 15 16:00:02 CST 2020,

               To: Thu Sep 15 16:00:02 CST 2022]

  Issuer: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA

  SerialNumber: [    e7848b6c 3c69a532]

Certificate Extensions: 4

[1]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........#

0010: 9E A0 A7 96                                        ....

]

]

[2]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  DigitalSignature

  Non_repudiation

  Key_Encipherment

]

[3]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  RFC822Name: dongjh@ahope.com.cn

  IPAddress: 10.44.221.29

  DNSName: scxt-vCenter

]

[4]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 72 2B BA B0 A2 E4 A5 B9   2F 8B A5 BA 47 7C B6 25  r+....../...G..%

0010: 3F 86 5F DE                                        ?._.

]

]

]

  Algorithm: [SHA256withRSA]

  Signature:

0000: 10 38 FF 34 56 65 BC CB   D7 E6 4B 5D F4 88 91 5A  .8.4Ve....K]...Z

0010: 86 79 92 18 80 F5 A5 A1   70 E4 AC D8 BF 03 27 0A  .y......p.....'.

0020: D8 E7 AC F5 83 07 E3 22   13 7A 6F 19 AE EB D4 46  .......".zo....F

0030: E2 8D 0F 14 BB 3B B2 EF   56 06 0C C7 71 BA 8C BE  .....;..V...q...

0040: 9F 1A 3A 07 E0 FA 25 07   FF BC 03 E6 AD 35 AD 56  ..:...%......5.V

0050: CF 32 A2 38 28 A1 10 A5   36 2D 8B B6 ED A8 FF B2  .2.8(...6-......

0060: EA CF 76 5A EF 67 8A 21   31 12 98 B6 00 0A 39 A9  ..vZ.g.!1.....9.

0070: F4 9C 4E 3F F3 85 DE E9   F1 5F E9 8D FF E2 27 CB  ..N?....._....'.

0080: 88 9A 1E 9C CF 50 9E E2   AB CA 0C E0 03 5D E0 A0  .....P.......]..

0090: 34 9D D6 62 91 BE 22 72   2B 05 B5 81 B5 BD 90 92  4..b.."r+.......

00A0: E5 1E 9D B7 D5 8E EF D0   D6 3C A8 DF CC AB ED 47  .........<.....G

00B0: 07 05 18 2A 6E C3 4A D3   FB 29 86 91 13 BC C2 BB  ...*n.J..)......

00C0: CC 1F 20 34 B6 B2 6B 12   9C 6B 60 06 41 83 7A 3D  .. 4..k..k`.A.z=

00D0: 3D DC D7 D2 36 25 4E A7   02 5C 6F 4A 6A D7 87 4D  =...6%N..\oJj..M

00E0: B6 33 0F C1 38 22 E9 A0   AD 95 B9 9F 11 91 41 FC  .3..8"........A.

00F0: 5F AF B7 75 A6 93 3F 86   C1 D7 97 49 0D B2 BA 04  _..u..?....I....

]

Alias: a727c0f89ce6a6c025da7fe4d80c1438c70e1aa7

[

[

  Version: V3

  Subject: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits

  modulus: 20791547646434402980886441557292023853851827712760265797799246125154728932581237103693641633490206657753181778468362187030988333035967113704622459829441402664741936580766322942010828989190524850384858985583494085812202462261993099037227022246354311672509352623382825077253894640577793906147071995428213246303243485385612759399858172748847541061550218893004636380605933755048113178064685752117885251226945213562003666095449936320046223841681338360145101863634040347565747062060371028120192003587140324556851562104558943586696832441522929412573567010239888134060972246071395734194971364677511583686445056515333882262613

  public exponent: 65537

  Validity: [From: Sun Sep 23 09:34:42 CST 2018,

               To: Wed Sep 20 09:34:42 CST 2028]

  Issuer: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA

  SerialNumber: [    f885f49b ec9a18e8]

Certificate Extensions: 4

[1]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:0

]

[2]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[3]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  RFC822Name: email@acme.com

  IPAddress: 127.0.0.1

]

[4]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........#

0010: 9E A0 A7 96                                        ....

]

]

]

  Algorithm: [SHA256withRSA]

  Signature:

0000: 3D 6D C0 32 62 38 B1 A1   DF 0B 51 BC 57 48 74 1A  =m.2b8....Q.WHt.

0010: C7 D1 92 0D 2F 34 6F 92   FC 69 CD 83 04 C9 AF 43  ..../4o..i.....C

0020: 56 D3 3A 25 C6 A9 44 EF   A4 11 8A BD EA 03 72 77  V.:%..D.......rw

0030: C2 CF D4 C8 0F 81 F1 32   89 63 D8 30 CB 30 CA 5B  .......2.c.0.0.[

0040: 0B E1 DE 4F E5 A4 2B 22   E0 D8 80 34 AE 94 A7 E2  ...O..+"...4....

0050: AC E1 5D F5 7D 1B FE 24   F2 F0 07 BA 73 BC A1 B1  ..]....$....s...

0060: 12 4B DF E1 2C 04 9A 52   80 56 F5 9C CD E2 F2 2B  .K..,..R.V.....+

0070: 9B 58 8A 59 BA 46 BD 5E   72 37 A3 B2 59 E4 BF 19  .X.Y.F.^r7..Y...

0080: DF 7B 97 BE BF ED E1 F6   4F D1 F8 96 8D F2 9B CD  ........O.......

0090: B0 E6 D5 E2 CB A0 C4 2B   E9 52 01 7C 9A 21 D3 2B  .......+.R...!.+

00A0: 64 6B 9E B6 60 C3 E3 AB   2C BE 3D B5 2F 34 CD E9  dk..`...,.=./4..

00B0: 3A 62 34 49 CF 65 9C 7A   22 4F 92 CA 73 84 8E 33  :b4I.e.z"O..s..3

00C0: 3E D9 61 E2 96 06 65 2A   02 69 30 1D 91 1C 6D 1D  >.a...e*.i0...m.

00D0: 61 6E EE 8C C5 05 3A F6   D1 83 2E 83 44 D4 27 71  an....:.....D.'q

00E0: EC AA 50 79 E3 01 F2 B2   5E 12 72 C3 E2 A6 1A FF  ..Py....^.r.....

00F0: 53 CC D3 90 11 0D 10 00   60 32 A2 A6 D7 80 9A 79  S.......`2.....y

]

]

Certificate: [

[

  Version: V3

  Subject: C=US, CN=10.44.221.29

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits

  modulus: 24649290579556581022992861647856995211855507289037553844797340297419870593178328179491826939447668930379759953606709897526279215048092606722222488330938825572650724834288078641951239052518222380968962150841065693508478812028714868053066397343604715667284417056608635356788915305425604855656905863065312306926274589175168938345338169287600702709965704419697309432029801963915680364196418111421998922415875190403362528871044053293752500877435421285440378793342344650582068328916342793992902812328749796061346441392292170378898916119157307411380225207111129318966343433922583001320341543384848354738773103365068216281243

  public exponent: 65537

  Validity: [From: Wed Sep 26 09:34:54 CST 2018,

               To: Fri Sep 25 21:34:54 CST 2020]

  Issuer: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA

  SerialNumber: [    cc13a336 8e79ca2d]

Certificate Extensions: 3

[1]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........#

0010: 9E A0 A7 96                                        ....

]

]

[2]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  IPAddress: 10.44.221.29

]

[3]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 59 11 E4 64 4F D4 48 35   85 A5 BE DF 2C D9 6D 9F  Y..dO.H5....,.m.

0010: 96 FA 48 D4                                        ..H.

]

]

]

  Algorithm: [SHA256withRSA]

  Signature:

0000: 0B C0 3E C8 DB 64 44 E5   90 81 7E B6 AD BE 6A 25  ..>..dD.......j%

0010: D8 24 8E FD D1 D7 26 59   B7 F4 CD 05 7C 39 09 23  .$....&Y.....9.#

0020: C8 CA F3 CB 1B AC 85 30   6E 45 CB 4E EC 5E 84 DB  .......0nE.N.^..

0030: CB 1D 8E 5E 60 35 12 D4   0C 1F E0 DC 36 76 E4 F4  ...^`5......6v..

0040: EE 26 73 0E F6 39 E2 E8   F1 C5 27 A7 D6 9E 44 22  .&s..9....'...D"

0050: BC 3A EA 61 93 41 0E ED   45 6A B7 3D 61 6F B6 30  .:.a.A..Ej.=ao.0

0060: A8 C2 D3 9C 1F 79 5B 5C   67 AC C1 DD 9E 81 29 7F  .....y[\g.....).

0070: 8E 3B 3C 11 C5 68 FE 11   8C E9 96 BE 7E 2E 93 D2  .;<..h..........

0080: 94 FB BF 17 5D FD 11 43   65 83 2E 5D D5 5D B5 4A  ....]..Ce..].].J

0090: F6 33 12 EB 09 37 75 E8   8E 8E 78 60 C0 45 05 40  .3...7u...x`.E.@

00A0: 18 A8 6E 51 FE EE 0B EB   31 B9 03 3B BA 43 B9 A4  ..nQ....1..;.C..

00B0: EE 97 E8 72 B9 87 90 98   77 A2 2A E9 FB 36 00 30  ...r....w.*..6.0

00C0: C4 2C B4 F3 46 03 C5 9D   A3 13 49 CB 1A 8E 55 0A  .,..F.....I...U.

00D0: 13 A8 6D A6 F5 FE BB 59   D6 AA CC 66 17 11 C7 FB  ..m....Y...f....

00E0: 96 9C CC 11 ED 3F EE 5E   E2 DC 39 C7 66 4C 9A B1  .....?.^..9.fL..

00F0: 92 DD AE D5 F8 53 DF BE   67 86 EC B8 3E 03 E8 47  .....S..g...>..G

]

I am not sure what issues are you facing right now as the certificate is correctly imported there. Are you sure also this certificate is imported in the keystore mentioned in the previous steps?

Please do not paste the whole output as it has a lot of data that is irrelevant and it confuses.

Also I can see some entries that says new_VMCA, have you reseted all the certificates or only the STS one?

Might help someone who runs into this issue where the inventory service won't start.

Replacing vmdir certificates on vCenter 6.0

https://blog.ntitta.in/?p=114