Hi Colleagues,
When I was checking the state of STS certificates at vCenter using the Python script from the KB (https://kb.vmware.com/s/article/79248), I received weird output. Screenshot is attached.
In essence, it shows no STS leaf certificates available and 2 root certificates.
Is it normal?
Hi,
Regenerate and replace certificates with option 4 as explained in this KB:
https://kb.vmware.com/s/article/2112283
Regards,
A.Romeo
Hi Alex,
Thank you for the reply.
Actually, I used this option a few days ago to refresh expired machine and some services certificates.
It didn't refresh the STS certificates then.
Here is the list of what was regenerated then:
Alias : machine
Not After : Feb 7 11:58:20 2024 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
Not After : Feb 7 11:58:21 2024 GMT
[*] Store : vpxd
Alias : vpxd
Not After : Feb 7 11:58:21 2024 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
Not After : Feb 7 11:58:22 2024 GMT
Maybe I should use the following manual https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.psc.doc/GUID-497233EA-AEF9-464B-A9C3-CCAEEA... or will this one work as well (https://kb.vmware.com/s/article/76719)?
Both do the same task. Easier to follow the script in https://kb.vmware.com/s/article/76719
Hi AJ,
Thanks for the comment.
As far as I know (I used this script a few times), this script regenerates the STS leaf certificate.
In my case there is nothing to regenerate. Is there any chance that the script can be potentially disruptive for the system?
What about root certificates? Is it normal to have two of them at the same time?