LearnerUser
Contributor

Updating STS Certificates when locked out of VCSA

I have inherited a server running ESXi 6.7.0. ESXi hosts a VM running VMware Photon OS which hosts a VCSA instance. This VCSA instance manages the ESXi host. I think the STS certificates have become invalid. How can I confirm this and how can I fix this? Can I do this fix (https://kb.vmware.com/s/article/76719) in ESXi?

Background:

1. When I enter the hostname into a browser without stating the port it takes me to a page with the title, "VMware® vSphere". When I attempt to log in I get the error message "User name and password are required". If I make a typo I get the invalid credentials error which tells me that the credentials are correct otherwise.

2. When I enter the hostname and specify port 5480 it takes me to a page with the title, "VMware Appliance Management". When I attempt to log in I get the error message "Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:719)".

3. Reading up on the error message it sounds like it is generated by Python when SSL certificates being used are invalid. I think this means that the certificates used for my VCSA instance are no longer valid. 

4. ESXi has a certificate under Security and Users > Certificates. There is also a message saying, "This host's certificates are being managed by vCenter Server, you cannot configure them using the Host Client." 

Accepted Solutions
LearnerUser
Contributor

Okay, so the STS certificates have been updated by the following:

  1. Connect to ESXi host and open a console to VCSA
  2. <F2> > Troubleshooting Mode > Enable SSH
  3. Use PuTTY to connect to VCSA IP port 22
  4. Now follow https://kb.vmware.com/s/article/76719

2 Replies
scott28tt
VMware Employee

Expect a moderator to move your thread to the area for vSphere.

 

