dongjh's Posts

The service still failed to start after above steps. 2020-10-14T23:30:54.288+08:00 [WrapperListener_start_runner  ERROR com.vmware.cis.lotus.LdapUtils  opId=] Certificate not trusted; [sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed] Trust store: [ Alias: b3593d43b874601976e6e53b6080af9bdfaabc40 [ [   Version: V3 Subject: OU=xxzx, O=scxt-vCenter, ST=Zhejiang, C=CN, DC=local, DC=vsphere, CN=new_VMCA   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11   Key:  Sun RSA public key, 2048 bits   modulus: 27241648569484498837900051963413869326381690925745518521077884288673072636721442422571676457365155784802453142519946796422834042188793823736228045052642123988164868866521934418455232242316893081753174658959135387827206651775908015963306182506696220577380995259725648771121523991110081072554810079389232117057536605701793894541614845783421207535137290905066954134400884184450625141446061854762812678998232738690734601302242314245665242538855041715696201767122662151526547847543425707984234415425670922737850872863651509935208553688831934099255700355949386371983059260142740723205019609013097469198841171233378288357441   public exponent: 65537   Validity: [From: Sun Oct 11 14:10:49 CST 2020,                To: Wed Oct 09 14:10:49 CST 2030]   Issuer: OU=xxzx, O=scxt-vCenter, ST=Zhejiang, C=CN, DC=local, DC=vsphere, CN=new_VMCA   SerialNumber: [    d6d56899 49c794f6] Certificate Extensions: 4 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[   CA:true   PathLen:0 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [   Key_CertSign   Crl_Sign ] [3]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   IPAddress: 10.44.221.29 ] [4]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: E5 01 88 15 E7 44 39 9D   BD B4 D8 29 36 20 B8 5B  .....D9....)6 .[ 0010: F4 A8 AF 45                                        ...E ] ] ]   Algorithm: [SHA256withRSA]   Signature: 0000: 2F AC DD 61 F9 E6 1F C2   38 61 EA B9 86 DA F4 67  /..a....8a.....g 0010: 9C B2 CE 07 1D 4A D9 77   53 DF 82 BD B9 75 8E 10  .....J.wS....u.. 0020: E5 CA 8B EB 72 7A D0 C5   E5 F9 B5 94 7D 42 F5 09  ....rz.......B.. 0030: 7C A8 F2 74 04 0F D4 67   28 C4 0A 2B E6 60 A6 99  ...t...g(..+.`.. 0040: 3A B7 B5 AA 02 47 41 3F   2F 34 E9 42 EB DC A1 BE  :....GA?/4.B.... 0050: 78 18 8F EF F0 D9 C3 BA   83 A6 8A 35 91 26 B9 62  x..........5.&.b 0060: 1E AC BF 02 74 CC 21 7E   70 D3 BD 6B 41 A8 A5 CF  ....t.!.p..kA... 0070: 09 F9 99 00 1A 3E 04 C0   33 D4 B3 62 1E 46 82 A3  .....>..3..b.F.. 0080: 4A 6D 64 24 16 BF AF D6   0E 19 6F 98 36 10 6C 62  Jmd$......o.6.lb 0090: 5E 88 DC AE 8E AC D3 D3   E1 80 05 BC 49 F9 00 DF  ^...........I... 00A0: 2F F9 05 85 E9 B7 0D 49   2C C3 54 9B 1B 32 67 41  /......I,.T..2gA 00B0: 7B 79 8B 18 92 AB 44 CE   91 E0 1E A1 1A 91 46 92  .y....D.......F. 00C0: 08 E9 59 04 57 BE B4 9B   55 B1 74 D5 BC 29 90 34  ..Y.W...U.t..).4 00D0: B5 AA 7C 8A 7C CC 4E F8   85 54 0A 6A AE 70 F3 89  ......N..T.j.p.. 00E0: 17 0C A0 F9 30 6B 81 C2   EF D4 76 78 E3 DD F7 39  ....0k....vx...9 00F0: BA 7F 13 7C E6 2E 3F 8D   CC 4E 7D 12 94 83 11 0F  ......?..N...... ] Alias: 333f1f516dea247c4f4d4e13933ea2ef629054bf [ [   Version: V3   Subject: OU=scxt, O=hzliqun, L=Palo Alto, ST=Zhejiang, C=US, CN=STS   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11   Key:  Sun RSA public key, 2048 bits   modulus: 25110676015509052887696271047954770133478087168079486792130367974126612029808125819934644731038396649744615973806883339682876430659220298607816574702302956456044574610028521735323231209004321922997383984596087886465702050430908257257275932944338216847145245986631769350119017786517265401377410380402156831012356973390701306567350674467745428248493117629671957856105517635138042571784721512184060958105090336070501439111341363017247382166345487772806891785871076093378647317093439196626653975375716124878679491296110052827397150719084822756330025054979256364849700603760286096587852264183273066249452941972971629577417   public exponent: 65537   Validity: [From: Tue Sep 15 16:00:02 CST 2020,                To: Thu Sep 15 16:00:02 CST 2022]   Issuer: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA   SerialNumber: [    e7848b6c 3c69a532] Certificate Extensions: 4 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........# 0010: 9E A0 A7 96                                        .... ] ] [2]: ObjectId: 2.5.29.15 Criticality=false KeyUsage [   DigitalSignature   Non_repudiation   Key_Encipherment ] [3]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   RFC822Name: dongjh@ahope.com.cn   IPAddress: 10.44.221.29   DNSName: scxt-vCenter ] [4]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 72 2B BA B0 A2 E4 A5 B9   2F 8B A5 BA 47 7C B6 25  r+....../...G..% 0010: 3F 86 5F DE                                        ?._. ] ] ]   Algorithm: [SHA256withRSA]   Signature: 0000: 10 38 FF 34 56 65 BC CB   D7 E6 4B 5D F4 88 91 5A  .8.4Ve....K]...Z 0010: 86 79 92 18 80 F5 A5 A1   70 E4 AC D8 BF 03 27 0A  .y......p.....'. 0020: D8 E7 AC F5 83 07 E3 22   13 7A 6F 19 AE EB D4 46  .......".zo....F 0030: E2 8D 0F 14 BB 3B B2 EF   56 06 0C C7 71 BA 8C BE  .....;..V...q... 0040: 9F 1A 3A 07 E0 FA 25 07   FF BC 03 E6 AD 35 AD 56  ..:...%......5.V 0050: CF 32 A2 38 28 A1 10 A5   36 2D 8B B6 ED A8 FF B2  .2.8(...6-...... 0060: EA CF 76 5A EF 67 8A 21   31 12 98 B6 00 0A 39 A9  ..vZ.g.!1.....9. 0070: F4 9C 4E 3F F3 85 DE E9   F1 5F E9 8D FF E2 27 CB  ..N?....._....'. 0080: 88 9A 1E 9C CF 50 9E E2   AB CA 0C E0 03 5D E0 A0  .....P.......].. 0090: 34 9D D6 62 91 BE 22 72   2B 05 B5 81 B5 BD 90 92  4..b.."r+....... 00A0: E5 1E 9D B7 D5 8E EF D0   D6 3C A8 DF CC AB ED 47  .........<.....G 00B0: 07 05 18 2A 6E C3 4A D3   FB 29 86 91 13 BC C2 BB  ...*n.J..)...... 00C0: CC 1F 20 34 B6 B2 6B 12   9C 6B 60 06 41 83 7A 3D  .. 4..k..k`.A.z= 00D0: 3D DC D7 D2 36 25 4E A7   02 5C 6F 4A 6A D7 87 4D  =...6%N..\oJj..M 00E0: B6 33 0F C1 38 22 E9 A0   AD 95 B9 9F 11 91 41 FC  .3..8"........A. 00F0: 5F AF B7 75 A6 93 3F 86   C1 D7 97 49 0D B2 BA 04  _..u..?....I.... ] Alias: a727c0f89ce6a6c025da7fe4d80c1438c70e1aa7 [ [   Version: V3   Subject: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11   Key:  Sun RSA public key, 2048 bits   modulus: 20791547646434402980886441557292023853851827712760265797799246125154728932581237103693641633490206657753181778468362187030988333035967113704622459829441402664741936580766322942010828989190524850384858985583494085812202462261993099037227022246354311672509352623382825077253894640577793906147071995428213246303243485385612759399858172748847541061550218893004636380605933755048113178064685752117885251226945213562003666095449936320046223841681338360145101863634040347565747062060371028120192003587140324556851562104558943586696832441522929412573567010239888134060972246071395734194971364677511583686445056515333882262613   public exponent: 65537   Validity: [From: Sun Sep 23 09:34:42 CST 2018,                To: Wed Sep 20 09:34:42 CST 2028]   Issuer: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA   SerialNumber: [    f885f49b ec9a18e8] Certificate Extensions: 4 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[   CA:true   PathLen:0 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [   Key_CertSign   Crl_Sign ] [3]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   RFC822Name: email@acme.com   IPAddress: 127.0.0.1 ] [4]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........# 0010: 9E A0 A7 96                                        .... ] ] ]   Algorithm: [SHA256withRSA]   Signature: 0000: 3D 6D C0 32 62 38 B1 A1   DF 0B 51 BC 57 48 74 1A  =m.2b8....Q.WHt. 0010: C7 D1 92 0D 2F 34 6F 92   FC 69 CD 83 04 C9 AF 43  ..../4o..i.....C 0020: 56 D3 3A 25 C6 A9 44 EF   A4 11 8A BD EA 03 72 77  V.:%..D.......rw 0030: C2 CF D4 C8 0F 81 F1 32   89 63 D8 30 CB 30 CA 5B  .......2.c.0.0.[ 0040: 0B E1 DE 4F E5 A4 2B 22   E0 D8 80 34 AE 94 A7 E2  ...O..+"...4.... 0050: AC E1 5D F5 7D 1B FE 24   F2 F0 07 BA 73 BC A1 B1  ..]....$....s... 0060: 12 4B DF E1 2C 04 9A 52   80 56 F5 9C CD E2 F2 2B  .K..,..R.V.....+ 0070: 9B 58 8A 59 BA 46 BD 5E   72 37 A3 B2 59 E4 BF 19  .X.Y.F.^r7..Y... 0080: DF 7B 97 BE BF ED E1 F6   4F D1 F8 96 8D F2 9B CD  ........O....... 0090: B0 E6 D5 E2 CB A0 C4 2B   E9 52 01 7C 9A 21 D3 2B  .......+.R...!.+ 00A0: 64 6B 9E B6 60 C3 E3 AB   2C BE 3D B5 2F 34 CD E9  dk..`...,.=./4.. 00B0: 3A 62 34 49 CF 65 9C 7A   22 4F 92 CA 73 84 8E 33  :b4I.e.z"O..s..3 00C0: 3E D9 61 E2 96 06 65 2A   02 69 30 1D 91 1C 6D 1D  >.a...e*.i0...m. 00D0: 61 6E EE 8C C5 05 3A F6   D1 83 2E 83 44 D4 27 71  an....:.....D.'q 00E0: EC AA 50 79 E3 01 F2 B2   5E 12 72 C3 E2 A6 1A FF  ..Py....^.r..... 00F0: 53 CC D3 90 11 0D 10 00   60 32 A2 A6 D7 80 9A 79  S.......`2.....y ] ] Certificate: [ [   Version: V3   Subject: C=US, CN=10.44.221.29   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11   Key:  Sun RSA public key, 2048 bits   modulus: 24649290579556581022992861647856995211855507289037553844797340297419870593178328179491826939447668930379759953606709897526279215048092606722222488330938825572650724834288078641951239052518222380968962150841065693508478812028714868053066397343604715667284417056608635356788915305425604855656905863065312306926274589175168938345338169287600702709965704419697309432029801963915680364196418111421998922415875190403362528871044053293752500877435421285440378793342344650582068328916342793992902812328749796061346441392292170378898916119157307411380225207111129318966343433922583001320341543384848354738773103365068216281243   public exponent: 65537   Validity: [From: Wed Sep 26 09:34:54 CST 2018,                To: Fri Sep 25 21:34:54 CST 2020]   Issuer: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN=CA   SerialNumber: [    cc13a336 8e79ca2d] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........# 0010: 9E A0 A7 96                                        .... ] ] [2]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   IPAddress: 10.44.221.29 ] [3]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 59 11 E4 64 4F D4 48 35   85 A5 BE DF 2C D9 6D 9F  Y..dO.H5....,.m. 0010: 96 FA 48 D4                                        ..H. ] ] ]   Algorithm: [SHA256withRSA]   Signature: 0000: 0B C0 3E C8 DB 64 44 E5   90 81 7E B6 AD BE 6A 25  ..>..dD.......j% 0010: D8 24 8E FD D1 D7 26 59   B7 F4 CD 05 7C 39 09 23  .$....&Y.....9.# 0020: C8 CA F3 CB 1B AC 85 30   6E 45 CB 4E EC 5E 84 DB  .......0nE.N.^.. 0030: CB 1D 8E 5E 60 35 12 D4   0C 1F E0 DC 36 76 E4 F4  ...^`5......6v.. 0040: EE 26 73 0E F6 39 E2 E8   F1 C5 27 A7 D6 9E 44 22  .&s..9....'...D" 0050: BC 3A EA 61 93 41 0E ED   45 6A B7 3D 61 6F B6 30  .:.a.A..Ej.=ao.0 0060: A8 C2 D3 9C 1F 79 5B 5C   67 AC C1 DD 9E 81 29 7F  .....y[\g.....). 0070: 8E 3B 3C 11 C5 68 FE 11   8C E9 96 BE 7E 2E 93 D2  .;<..h.......... 0080: 94 FB BF 17 5D FD 11 43   65 83 2E 5D D5 5D B5 4A  ....]..Ce..].].J 0090: F6 33 12 EB 09 37 75 E8   8E 8E 78 60 C0 45 05 40  .3...7u...x`.E.@ 00A0: 18 A8 6E 51 FE EE 0B EB   31 B9 03 3B BA 43 B9 A4  ..nQ....1..;.C.. 00B0: EE 97 E8 72 B9 87 90 98   77 A2 2A E9 FB 36 00 30  ...r....w.*..6.0 00C0: C4 2C B4 F3 46 03 C5 9D   A3 13 49 CB 1A 8E 55 0A  .,..F.....I...U. 00D0: 13 A8 6D A6 F5 FE BB 59   D6 AA CC 66 17 11 C7 FB  ..m....Y...f.... 00E0: 96 9C CC 11 ED 3F EE 5E   E2 DC 39 C7 66 4C 9A B1  .....?.^..9.fL.. 00F0: 92 DD AE D5 F8 53 DF BE   67 86 EC B8 3E 03 E8 47  .....S..g...>..G ]

C:\Users\Administrator>"C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli" store list MACHINE_SSL_CERT TRUSTED_ROOTS TRUSTED_ROOT_CRLS machine vsphere-webclient vpxd vpxd-extension SMS BACKUP_STORE C:\Users\Administrator> C:\Users\Administrator>"C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli" entry list --store TRUSTED_ROOTS --text Number of entries in store :    2 Alias : a727c0f89ce6a6c025da7fe4d80c1438c70e1aa7 Entry type :    Trusted Cert Certificate:     Data:         Version: 3 (0x2)         Serial Number:             f8:85:f4:9b:ec:9a:18:e8     Signature Algorithm: sha256WithRSAEncryption         Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=scxt-vCenter , OU=VMware         Validity             Not Before: Sep 23 01:34:42 2018 GMT             Not After : Sep 20 01:34:42 2028 GMT         Subject: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=scxt-vCente r, OU=VMware         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 Public-Key: (2048 bit)                 Modulus:                     00:a4:b3:66:80:4b:ae:54:d2:e2:d9:47:1a:4d:e2:                     39:30:b5:24:1f:a9:bf:8d:ff:f9:d1:45:f3:80:a2:                     50:4d:c4:c4:c1:a6:64:9e:83:a3:78:97:35:f4:cf:                     0a:36:32:e3:da:4f:ef:f8:7f:6a:df:2c:69:a1:39:                     39:ed:51:ec:55:2f:0c:03:4a:1d:8c:f7:07:65:ee:                     ee:b3:69:57:50:eb:f9:b2:5a:3a:17:5c:3b:4d:68:                     41:00:37:f6:2b:87:35:a6:86:55:62:88:d3:6a:c1:                     76:ac:17:34:87:18:3d:0d:f9:a2:50:26:22:b9:76:                     b0:f3:ff:63:29:a7:8e:84:91:f5:86:44:8f:03:72:                     7a:2a:ea:d1:68:ed:83:2d:5c:e1:48:1c:46:47:ab:                     7f:a4:43:99:3b:29:e3:6c:8a:fe:6b:26:9a:3e:80:                     93:8b:86:ad:66:21:f2:03:fb:18:79:1c:95:7d:7a:                     6b:cd:d7:c6:5f:b8:cc:f4:6d:61:f8:9b:a6:08:de:                     34:84:0b:d3:ec:b1:0b:0d:bd:37:26:76:07:64:d4:                     cf:be:f1:8c:31:17:fa:3f:8b:2f:ba:90:6a:0f:ca:                     6d:52:12:4d:eb:24:ed:b3:55:64:79:9a:12:e2:0d:                     a9:31:77:35:76:ee:b5:84:28:4c:e0:c7:0a:18:fe:                     34:55                 Exponent: 65537 (0x10001)         X509v3 extensions:             X509v3 Subject Key Identifier:                 B8:FF:79:34:6C:A8:33:D7:F0:8D:B0:EE:9C:7D:E9:23:9E:A0:A7:96             X509v3 Subject Alternative Name:                 email:email@acme.com, IP Address:127.0.0.1             X509v3 Key Usage: critical                 Certificate Sign, CRL Sign             X509v3 Basic Constraints: critical                 CA:TRUE, pathlen:0     Signature Algorithm: sha256WithRSAEncryption          3d:6d:c0:32:62:38:b1:a1:df:0b:51:bc:57:48:74:1a:c7:d1:          92:0d:2f:34:6f:92:fc:69:cd:83:04:c9:af:43:56:d3:3a:25:          c6:a9:44:ef:a4:11:8a:bd:ea:03:72:77:c2:cf:d4:c8:0f:81:          f1:32:89:63:d8:30:cb:30:ca:5b:0b:e1:de:4f:e5:a4:2b:22:          e0:d8:80:34:ae:94:a7:e2:ac:e1:5d:f5:7d:1b:fe:24:f2:f0:          07:ba:73:bc:a1:b1:12:4b:df:e1:2c:04:9a:52:80:56:f5:9c:          cd:e2:f2:2b:9b:58:8a:59:ba:46:bd:5e:72:37:a3:b2:59:e4:          bf:19:df:7b:97:be:bf:ed:e1:f6:4f:d1:f8:96:8d:f2:9b:cd:          b0:e6:d5:e2:cb:a0:c4:2b:e9:52:01:7c:9a:21:d3:2b:64:6b:          9e:b6:60:c3:e3:ab:2c:be:3d:b5:2f:34:cd:e9:3a:62:34:49:          cf:65:9c:7a:22:4f:92:ca:73:84:8e:33:3e:d9:61:e2:96:06:          65:2a:02:69:30:1d:91:1c:6d:1d:61:6e:ee:8c:c5:05:3a:f6:          d1:83:2e:83:44:d4:27:71:ec:aa:50:79:e3:01:f2:b2:5e:12:          72:c3:e2:a6:1a:ff:53:cc:d3:90:11:0d:10:00:60:32:a2:a6:          d7:80:9a:79 Alias : b3593d43b874601976e6e53b6080af9bdfaabc40 Entry type :    Trusted Cert Certificate:     Data:         Version: 3 (0x2)         Serial Number:             d6:d5:68:99:49:c7:94:f6     Signature Algorithm: sha256WithRSAEncryption         Issuer: CN=new_VMCA, DC=vsphere, DC=local, C=CN, ST=Zhejiang, O=scxt-vCe nter, OU=xxzx         Validity             Not Before: Oct 11 06:10:49 2020 GMT             Not After : Oct  9 06:10:49 2030 GMT         Subject: CN=new_VMCA, DC=vsphere, DC=local, C=CN, ST=Zhejiang, O=scxt-vC enter, OU=xxzx         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 Public-Key: (2048 bit)                 Modulus:                     00:d7:cb:a0:eb:7c:f3:c9:50:0b:df:e9:b8:fd:9c:                     24:e2:8a:d2:b8:f5:94:92:a2:79:93:9f:2b:53:8f:                     cd:6d:1a:a4:c2:05:51:79:80:88:ca:ae:36:55:7f:                     80:e7:6c:2d:e5:9a:c8:17:47:0f:a3:26:4d:3b:56:                     66:98:58:ad:dc:37:a3:fb:06:eb:7c:67:d1:39:da:                     0e:78:8b:6d:45:ef:0c:05:0f:7d:e7:0a:38:26:3d:                     b1:a8:d2:e4:d3:b3:62:12:3c:cc:ed:e3:b0:05:0c:                     40:29:19:e7:46:ef:6e:c9:1a:47:df:f4:da:a6:aa:                     ed:ed:a5:d2:f6:23:ff:d7:00:ed:6f:c9:c9:e7:97:                     b1:93:97:06:4c:fb:1e:ac:a0:54:66:03:d9:77:40:                     d6:49:c7:73:88:5c:d8:5f:e1:cf:c5:2e:a0:03:16:                     fe:a9:5b:59:20:98:55:0b:38:4d:2c:46:a5:b7:45:                     9f:96:40:19:07:a7:b3:61:cc:81:33:28:bb:aa:0b:                     0c:ee:ae:48:3e:a1:9b:fb:73:96:78:2a:d4:fd:3b:                     0b:c7:e0:58:29:e7:5c:c7:f4:dd:51:fc:50:32:7b:                     1a:16:fa:53:f6:55:99:22:87:58:ad:c1:09:52:62:                     92:68:e2:58:b3:b3:64:93:e5:cf:03:1f:df:e2:d5:                     50:41                 Exponent: 65537 (0x10001)         X509v3 extensions:             X509v3 Subject Key Identifier:                 E5:01:88:15:E7:44:39:9D:BD:B4:D8:29:36:20:B8:5B:F4:A8:AF:45             X509v3 Subject Alternative Name:                 IP Address:10.44.221.29             X509v3 Key Usage: critical                 Certificate Sign, CRL Sign             X509v3 Basic Constraints: critical                 CA:TRUE, pathlen:0     Signature Algorithm: sha256WithRSAEncryption          2f:ac:dd:61:f9:e6:1f:c2:38:61:ea:b9:86:da:f4:67:9c:b2:          ce:07:1d:4a:d9:77:53:df:82:bd:b9:75:8e:10:e5:ca:8b:eb:          72:7a:d0:c5:e5:f9:b5:94:7d:42:f5:09:7c:a8:f2:74:04:0f:          d4:67:28:c4:0a:2b:e6:60:a6:99:3a:b7:b5:aa:02:47:41:3f:          2f:34:e9:42:eb:dc:a1:be:78:18:8f:ef:f0:d9:c3:ba:83:a6:          8a:35:91:26:b9:62:1e:ac:bf:02:74:cc:21:7e:70:d3:bd:6b:          41:a8:a5:cf:09:f9:99:00:1a:3e:04:c0:33:d4:b3:62:1e:46:          82:a3:4a:6d:64:24:16:bf:af:d6:0e:19:6f:98:36:10:6c:62:          5e:88:dc:ae:8e:ac:d3:d3:e1:80:05:bc:49:f9:00:df:2f:f9:          05:85:e9:b7:0d:49:2c:c3:54:9b:1b:32:67:41:7b:79:8b:18:          92:ab:44:ce:91:e0:1e:a1:1a:91:46:92:08:e9:59:04:57:be:          b4:9b:55:b1:74:d5:bc:29:90:34:b5:aa:7c:8a:7c:cc:4e:f8:          85:54:0a:6a:ae:70:f3:89:17:0c:a0:f9:30:6b:81:c2:ef:d4:          76:78:e3:dd:f7:39:ba:7f:13:7c:e6:2e:3f:8d:cc:4e:7d:12:          94:83:11:0f C:\Users\Administrator>

Thank you for your great help ! But the certificate expiring warning is still there, can i ignore it ? It seems the new certificate is used. Trusted path found: <OU=scxt,O=hzliqun,L=Palo Alto,ST=Zhejiang,C=US,CN=STS> [2020-09-15T17:00:01.975+08:00 pool-2-thread-3 opId=bfffae9d-5700-4ee6-a1d7-54f0c6ca1e40 DEBUG com.vmware.identity.token.impl.SamlTokenImpl] SAML token signature is valid status: true

The similar issue, after refreshing the expiring certificate(and reboot), multiple certificate were there, and it still said the certificate is expiring. How can i take the new certificate effect and remove the useful ones?

C:\ProgramData\VMware\vCenterServer\cfg\sso\keys\newsts>"C:\Program Files\VMware \vCenter Server\jre\bin\keytool.exe" -list -v -keystore root-trust.jks 输入密钥库口令: 密钥库类型: JKS 密钥库提供方: SUN 您的密钥库包含 2 个条目 别名: root-ca 创建日期: 2020-9-14 条目类型: trustedCertEntry 所有者: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN =CA 发布者: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN =CA 序列号: f885f49bec9a18e8 有效期为 Sun Sep 23 09:34:42 CST 2018 至 Wed Sep 20 09:34:42 CST 2028 证书指纹:          MD5:  9E:9E:7C:AF:70:7F:DC:02:C3:AE:E0:40:2C:80:DE:FD          SHA1: A7:27:C0:F8:9C:E6:A6:C0:25:DA:7F:E4:D8:0C:14:38:C7:0E:1A:A7          SHA256: 38:9D:83:6B:51:10:44:43:71:70:3A:C6:B8:9A:BC:B0:32:66:55:6C:3D: E4:C2:61:6C:FD:FF:40:45:AF:E2:AA 签名算法名称: SHA256withRSA 主体公共密钥算法: 2048 位 RSA 密钥 版本: 3 扩展: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[   CA:true   PathLen:0 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [   Key_CertSign   Crl_Sign ] #3: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   RFC822Name: email@acme.com   IPAddress: 127.0.0.1 ] #4: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........# 0010: 9E A0 A7 96                                        .... ] ] ******************************************* ******************************************* 别名: newstssigning 创建日期: 2020-9-14 条目类型: PrivateKeyEntry 证书链长度: 2 证书[1]: 所有者: OU=VMware, O=VMware, L=Palo Alto, ST=California, C=US, CN=CA 发布者: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN =CA 序列号: df6477ab15b7445d 有效期为 Mon Sep 14 14:41:13 CST 2020 至 Wed Sep 14 14:41:13 CST 2022 证书指纹:          MD5:  2F:E3:3F:98:DA:64:4F:28:1F:85:EB:5A:83:C9:5B:66          SHA1: 78:AB:83:21:3D:3E:F0:6A:DF:C9:CC:4E:32:B3:9B:7F:FC:2C:E8:74          SHA256: E7:EB:28:4C:AC:7E:9B:94:03:89:08:72:3C:46:D4:82:FB:C8:B0:4F:BC: AB:3B:B5:6B:65:B2:7E:C7:26:DB:28 签名算法名称: SHA256withRSA 主体公共密钥算法: 2048 位 RSA 密钥 版本: 3 扩展: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........# 0010: 9E A0 A7 96                                        .... ] ] #2: ObjectId: 2.5.29.15 Criticality=false KeyUsage [   DigitalSignature   Non_repudiation   Key_Encipherment ] #3: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   RFC822Name: dongjh@ahope.com.cn   IPAddress: 10.44.221.29   DNSName: scxt-vCenter ] #4: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: EC FC 60 86 DF 98 B2 15   D3 56 7A 7F BF 23 B4 25  ..`......Vz..#.% 0010: 7D E8 3C 89                                        ..<. ] ] 证书[2]: 所有者: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN =CA 发布者: OU=VMware, O=scxt-vCenter, ST=California, C=US, DC=local, DC=vsphere, CN =CA 序列号: f885f49bec9a18e8 有效期为 Sun Sep 23 09:34:42 CST 2018 至 Wed Sep 20 09:34:42 CST 2028 证书指纹:          MD5:  9E:9E:7C:AF:70:7F:DC:02:C3:AE:E0:40:2C:80:DE:FD          SHA1: A7:27:C0:F8:9C:E6:A6:C0:25:DA:7F:E4:D8:0C:14:38:C7:0E:1A:A7          SHA256: 38:9D:83:6B:51:10:44:43:71:70:3A:C6:B8:9A:BC:B0:32:66:55:6C:3D: E4:C2:61:6C:FD:FF:40:45:AF:E2:AA 签名算法名称: SHA256withRSA 主体公共密钥算法: 2048 位 RSA 密钥 版本: 3 扩展: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[   CA:true   PathLen:0 ] #2: ObjectId: 2.5.29.15 Criticality=true KeyUsage [   Key_CertSign   Crl_Sign ] #3: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [   RFC822Name: email@acme.com   IPAddress: 127.0.0.1 ] #4: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B8 FF 79 34 6C A8 33 D7   F0 8D B0 EE 9C 7D E9 23  ..y4l.3........# 0010: 9E A0 A7 96                                        .... ] ] ******************************************* *******************************************

Hi, I have created the new certificate and added it to vCenter configuration, unfortunately,  after reboot the STS certificate expiration warning still be there. How can i take it effect?