{"id":1547,"date":"2024-05-17T22:58:23","date_gmt":"2024-05-18T03:58:23","guid":{"rendered":"https:\/\/zewwy.ca\/?p=1547"},"modified":"2024-05-20T10:24:25","modified_gmt":"2024-05-20T15:24:25","slug":"renew-vcenter-sts-certificate","status":"publish","type":"post","link":"https:\/\/zewwy.ca\/index.php\/2024\/05\/17\/renew-vcenter-sts-certificate\/","title":{"rendered":"Renew vCenter STS Certificate"},"content":{"rendered":"<p>Source: <a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/com.vmware.vsphere.authentication.doc\/GUID-568A53A4-BED4-4F05-BB94-650E758409CC.html\">Refresh a vCenter Server STS Certificate Using the vSphere Client (vmware.com)<\/a><\/p>\n<ol id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-1F498FD8-B60E-4CAE-BB64-AE355838DA82\" class=\"ol steps\">\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__step_AC2A99C87FD647398ECDAE092FEEB36C\" class=\"li step stepexpand\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e103\" class=\"ph cmd\">Log in with the\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e105\" class=\"ph productname\">vSphere Client<\/span>\u00a0to the\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e108\" class=\"ph productname\">vCenter Server<\/span>.<\/span><\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__step_359832466E804B2283675ACA5AA53E19\" class=\"li step stepexpand\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e308\" class=\"ph cmd\">Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.<\/span>\n<div id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e311\" class=\"itemgroup info\">If you specified a different domain during installation, log in as administrator@\u00a0<var id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e313\" class=\"keyword varname\">mydomain<\/var>.<\/div>\n<\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__step_C31E4592201C4023B7D0DEA8877D4316\" class=\"li step stepexpand\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e187\" class=\"ph cmd\">Navigate to the Certificate Management UI.<\/span>\n<ol id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e190\" class=\"ol substeps\" type=\"a\">\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e192\" class=\"li substep\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e194\" class=\"ph cmd\">From the\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e196\" class=\"ph uicontrol\">Home<\/span>\u00a0menu, select\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e199\" class=\"ph uicontrol\">Administration<\/span>.<\/span><\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e204\" class=\"li substep\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e206\" class=\"ph cmd\">Under\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e208\" class=\"ph uicontrol\">Certificates<\/span>, click\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__d32e211\" class=\"ph uicontrol\">Certificate Management<\/span>.<\/span><\/li>\n<\/ol>\n<\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__step_4C8138BA0CF44056A096271C3BCF8831\" class=\"li step stepexpand\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__cmd_3C1E39CF442B49B2BD4130E46E5898BF\" class=\"ph cmd\">If the system prompts you, enter the credentials of your\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__PRODUCTNAME_36A67B5996CE47209B6ACC1FB2332B47\" class=\"ph productname\">vCenter Server<\/span>.<\/span><\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__STEP_6BC5AA8F-3A72-4545-825A-042DD68D7B64\" class=\"li step stepexpand\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-C18DE95F-6F5D-42ED-8FBF-BDCC6D7E1EF4\" class=\"ph cmd\">Under\u00a0<span class=\"ph uicontrol\">STS Signing Certificate<\/span>, click\u00a0<span class=\"ph menucascade\"><span class=\"ph uicontrol\">Actions<\/span><abbr title=\"and then\">\u00a0&gt;\u00a0<\/abbr><span class=\"ph uicontrol\">Refresh with vCenter certificate<\/span><\/span>.<\/span><\/li>\n<\/ol>\n<p><a href=\"https:\/\/i.imgur.com\/3PXJ0BR.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/3PXJ0BR.png\" alt=\"\" width=\"1492\" height=\"803\" \/><\/a><\/p>\n<section id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-1F498FD8-B60E-4CAE-BB64-AE355838DA82\">\n<ol id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-1F498FD8-B60E-4CAE-BB64-AE355838DA82\" class=\"ol steps\">\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__STEP_5F0CF49C-39EB-435E-8EDF-9D26B2868EBF\" class=\"li step stepexpand\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-3ACB1B55-2675-4CD7-ADB4-1C1D32E0C55B\" class=\"ph cmd\">Click\u00a0<span class=\"ph uicontrol\">Refresh<\/span>.<\/span>\n<div class=\"itemgroup stepresult\">The VMCA refreshes the STS signing certificate on this\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__PRODUCTNAME_36A67B5996CE47209B6ACC1FB2332B47\" class=\"ph productname\">vCenter Server<\/span>\u00a0system and on any linked\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__PRODUCTNAME_36A67B5996CE47209B6ACC1FB2332B47\" class=\"ph productname\">vCenter Server<\/span>\u00a0systems.<\/div>\n<\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__STEP_EE5BB66E-A794-4C8D-9C79-3D31B60F50CB\" class=\"li step stepexpand\"><strong>(Optional)\u00a0<\/strong><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-1F55E8D8-9B60-47CA-950C-85A5FF21073C\" class=\"ph cmd\">If the\u00a0<span class=\"ph uicontrol\">Force Refresh<\/span>\u00a0button appears,\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__featurename_A44F460F3CFF42478B78A54B3097B288\" class=\"ph featurename\">vCenter Single Sign-On<\/span>\u00a0has detected a problem. Before clicking\u00a0<span class=\"ph uicontrol\">Force Refresh<\/span>, consider the following potential results.<\/span>\n<div class=\"itemgroup info\">\n<ul id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__UL_59E1E748-D466-441F-B150-CF91B64A0A21\" class=\"ul\">\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__LI_D7F7D944-90BE-47D4-A94D-936F9C2BBD8D\" class=\"li\">If all the impacted\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__PRODUCTNAME_36A67B5996CE47209B6ACC1FB2332B47\" class=\"ph productname\">vCenter Server<\/span>\u00a0systems are not running at least vSphere 7.0 Update 3, they do not support the certificate refresh.<\/li>\n<li class=\"li\">Selecting\u00a0<span class=\"ph uicontrol\">Force Refresh<\/span>\u00a0requires that you restart all\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__PRODUCTNAME_36A67B5996CE47209B6ACC1FB2332B47\" class=\"ph productname\">vCenter Server<\/span>\u00a0systems and can render those systems inoperable until you do so.<\/li>\n<\/ul>\n<\/div>\n<ol id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__SUBSTEPS_431CA087-E608-40C5-B62A-673A737CDBC6\" class=\"ol substeps\" type=\"a\">\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__SUBSTEP_F56148AF-01B9-4C70-AAAC-52505D951D70\" class=\"li substep\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-266AF93A-6C29-4036-8FF9-67EF54A6DDC5\" class=\"ph cmd\">If you are unsure of the impact, click\u00a0<span class=\"ph uicontrol\">Cancel<\/span>\u00a0and research your environment.<\/span><\/li>\n<li id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__SUBSTEP_CAAAA303-BE45-4E04-9E8F-1B2B942CD1B1\" class=\"li substep\"><span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__GUID-260DF6C7-4AE4-4793-AE82-A5D6580DEB5B\" class=\"ph cmd\">If you are sure of the impact, click\u00a0<span class=\"ph uicontrol\">Force Refresh<\/span>\u00a0to proceed with the refresh then manually restart your\u00a0<span id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__PRODUCTNAME_36A67B5996CE47209B6ACC1FB2332B47\" class=\"ph productname\">vCenter Server<\/span>\u00a0systems.<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/section>\n<section id=\"GUID-568A53A4-BED4-4F05-BB94-650E758409CC__POSTREQ_9A7F1372-0C9A-4286-9715-EE3BF90E4C19\" class=\"section postreq\">\n<div class=\"tasklabel\">I guess my setup had a problem? or it&#8217;s still valid or a long time, I don&#8217;t know why my setup says force refresh, but lets do it&#8230;<\/div>\n<\/section>\n<div><\/div>\n<div><a href=\"https:\/\/i.imgur.com\/Bly1N3V.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/Bly1N3V.png\" alt=\"\" width=\"477\" height=\"288\" \/><\/a><\/div>\n<div><\/div>\n<div>Mhmmm&#8230; k vCenter still working normally, and no forced reboot, just saying all systems need to be rebooted&#8230;.<\/div>\n<div><\/div>\n<div>I navigated away and back and it shows the new cert&#8230;<\/div>\n<div><\/div>\n<div><a href=\"https:\/\/i.imgur.com\/I5Hkc23.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/I5Hkc23.png\" alt=\"\" width=\"437\" height=\"790\" \/><\/a><\/div>\n<div><\/div>\n<div>reboot anyway&#8230; sign in, no issues&#8230;<\/div>\n<div>But the old root still exists, can it be deleted?<\/div>\n<div>Yes&#8230; Check out how on my next Blog post.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Source: Refresh a vCenter Server STS Certificate Using the vSphere Client (vmware.com) Log in with the\u00a0vSphere Client\u00a0to the\u00a0vCenter Server. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group. If you specified a different domain during installation, log in as administrator@\u00a0mydomain. Navigate to the Certificate Management UI. &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/zewwy.ca\/index.php\/2024\/05\/17\/renew-vcenter-sts-certificate\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Renew vCenter STS Certificate&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","footnotes":""},"categories":[5,8],"tags":[459,88],"class_list":["post-1547","post","type-post","status-publish","format-standard","hentry","category-hypervisors","category-server-administration","tag-sts-certificate","tag-vmware"],"_links":{"self":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/comments?post=1547"}],"version-history":[{"count":1,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1547\/revisions"}],"predecessor-version":[{"id":1548,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1547\/revisions\/1548"}],"wp:attachment":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/media?parent=1547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/categories?post=1547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/tags?post=1547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}