VMware Cloud Community
LearnerUser

Updating STS Certificates when locked out of VCSA

I have inherited a server running ESXi 6.7.0. ESXi hosts a VM running VMware Photon OS which hosts a VCSA instance. This VCSA instance manages the ESXi host. I think the STS certificates have become invalid. How can I confirm this and how can I fix this? Can I do this fix (https://kb.vmware.com/s/article/76719) in ESXi?

Background:

1. When I enter the hostname into a browser without stating the port it takes me to a page with the title, "VMware® vSphere". When I attempt to log in I get the error message "User name and password are required". If I make a typo I get the invalid credentials error which tells me that the credentials are correct otherwise.

2. When I enter the hostname and specify port 5480 it takes me to a page with the title, "VMware Appliance Management". When I attempt to log in I get the error message "Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:719)".

3. Reading up on the error message it sounds like it is generated by Python when SSL certificates being used are invalid. I think this means that the certificates used for my VCSA instance are no longer valid. 

4. ESXi has a certificate under Security and Users > Certificates. There is also a message saying, "This host's certificates are being managed by vCenter Server, you cannot configure them using the Host Client." 


Accepted Solutions
LearnerUser

Okay, so the STS certificates have been updated by the following:

  1. Connect to ESXi host and open a console to VCSA
  2. <F2> > Troubleshooting Mode > Enable SSH
  3. Use PuTTY to connect to VCSA IP port 22
  4. Now follow https://kb.vmware.com/s/article/76719

scott28tt

Expect a moderator to move your thread to the area for vSphere.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
lapinblanc91

Hello,
I have the same problem but with vSphere version 8.0 (see screenshot)
I followed the procedure (installing and running the fixsts.sh script) but to no avail.
I keep getting the same message.
I restart the services and get the following errors (see screenshot)

What should I do?

Denis

 
