Good afternoon. We have a problem like this one: https://virtuallyunderstood.wordpress.com/2016/08/03/troubleshooting-expired-psc-certificates-with-v... After upgrading vcenter from version 5.5 to 6.0 and then to 6.0U3, we encountered a problem that affects the expired certificate of the PSC on port 7444. As far as I know, since version 6.0, PSC uses port 433, and port 7444 is left to manage vcenter 5.5 versions. I found just such an article, which describes an almost similar situation, although our PSC starts and works, but only on port 7444 there is an old certificate, because of this NSX-V does not connect to the lookup service on ports 433 and 7444. The question is necessary for us to carry out point 9 of this instruction, since we have vCenter 6.0. https://kb.vmware.com/s/article/2118939#WinVC I'm confused.
I also found an article in which it is proposed to replace the expired certificate from the PSC on port 7444 with a machine certificate by simple copying, but our vCenter does not have the store STS_INTERNAL_SSL_CERT, https://kb.vmware.com/s/article/68155 this option would certainly be preferable, who can help please?
All our stores:
Take a look at the next post that will help you understand: https://virtuallyunderstood.wordpress.com/2016/08/03/troubleshooting-expired-psc-certificates-with-v...
Basically since vSphere 6 the Lookup Service Certificate is presented by the RHTTP Proxy service on port 443, however it is still uses the port 7444 for backward compatibility with vCenter Server 5.5 as it could be used externally while doing an upgrade or you could have more than one.
Follow the KB you found exactly and it will help you fix your issue, and for NSX-V you will need to update the URL to 443 and not use lookup service anymore as it could work now but for example in version 6.5 it does not anymore.
Hey @Lalegre .
Thank you for your reply. Well, if I follow the steps of KB https://kb.vmware.com/s/article/2118939#WinVC , then I have a question, after the 9th point in which the ssoserver certificate is replaced, the 10th point is described in which they ask to update the certificate also to the vcenter for the lookup service, if it is version 5.5. We already have version 6.0 U3 installed. I understand correctly that we need to skip this 10 point and follow the 11 point, in which we need to restart the PSC services? 🤔