VMware Cloud Community
JimKnopf99
Commander

Certificate Issue

Hello,

I have an issue with my certificates, especially with one of them.

We are using vCenter 6.5 appliance. It was updated from 5.5 to 6 and 6.5.

I have used my own certificates since 5.5.

It all began when I tried to add the vCenter server to my Skyline appliance. I receive the error message

"Couldn't create collection task to test endpoint. -> java.lang.RuntimeException: Couldn't login the client. -> Couldn't login the client. -> Received SSO error -> The SSL certificate of STS service cannot be verified"

So I tried to take a closer look into that. I found that there were old and expired certificates in my STS Signing Certificates. So I first replaced them with a new one as described here.

Generate a New STS Signing Certificate on the Appliance

After that, I was able to remove the old chain from the STS signing admin page on the vsphere-client site (not HTML5).

But the issue remains. Also, I am not able to open the lookupservice page

https://vcenter.local/lookupservice/mob

It doesn't matter which account I use to log in, it looks like the password is wrong. But it definitely is not wrong. The certificate on that site is OK.

If I try to open the older site

https://vcenter.local:7444/lookupservice/mob

It is using an old certificate that I thought I had removed on the STS signing page. But I am not able to log in either.

Also, if I open the HTML5 certificate site on the web client, there is an expired certificate.

What I have also done, but before that, was to try to replace all certificates with the certificate-manager to default (8).

But that also did not help.

At the moment, I do not have a clue what to do next.

Any help is appreciated

Frank

If you find this information useful, please award points for "correct" or "helpful".
Vijay2027
Expert

I've seen such issues before when a vSphere environment is migrated from 5.5.

One option is to download the spec file of sso:sts using lstool.py, modify the cert with machine SSL and re-register/re-import the spec back.

Vijay2027
Expert

I couldn't find any KB article around this issue. Please open an SR with GSS.
