
Renew the expired vCenter STS Certificate (Signing Certificate)

Issue: Logging in to the vSphere Client fails with the error "HTTP Status 400 – Bad Request Message BadRequest, Signing certificate is not valid" or with the error "HTTP Status 503".

Steps:

- Download the fixsts.sh script attached to this article, https://kb.vmware.com/s/article/76719, and upload it to the /tmp folder on the impacted PSC or vCenter Server with Embedded PSC.

- If the vCenter rejects the upload connection from the WinSCP client, run this from an SSH session to the vCenter: chsh -s /bin/bash

- Navigate to the /tmp directory: cd /tmp

- Run chmod +x fixsts.sh to make the file executable.

- Run ./fixsts.sh.

- Enter the password of the vCenter local admin account "administrator@vsphere.local".

- The STS certificate has now been reset.

- Restart services on all vCenters and/or PSCs in your SSO domain with the following commands: service-control --stop --all and then service-control --start --all

- Log in to the vCenter and verify that the STS certificate has been renewed.
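
For the verification step, the following added example (not part of the VMware KB article or of fixsts.sh) checks the validity dates of a certificate with openssl. It assumes the STS signing certificate has already been exported to a PEM file; the function name check_cert_expiry and the file path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a PEM certificate is expired or near expiry.
# Assumption: the STS signing certificate was exported to a PEM file
# beforehand; the path is supplied by the operator.
#
# Usage (placeholder path): check_cert_expiry /tmp/sts-signing.pem 60
#
# check_cert_expiry PEM_FILE [WARN_DAYS]   (WARN_DAYS defaults to 30)
# Returns 0 if the certificate stays valid for more than WARN_DAYS days,
#         1 if it is expired or expires within WARN_DAYS days,
#         2 if the file is unreadable or is not a parseable certificate.
check_cert_expiry() {
    pem_file=$1
    warn_days=${2:-30}

    [ -r "$pem_file" ] || { echo "cannot read $pem_file" >&2; return 2; }

    # Reject anything openssl cannot parse as an X.509 certificate.
    not_after=$(openssl x509 -in "$pem_file" -noout -enddate 2>/dev/null) || {
        echo "$pem_file is not a PEM certificate" >&2; return 2; }

    echo "subject: $(openssl x509 -in "$pem_file" -noout -subject)"
    echo "expiry:  ${not_after#notAfter=}"

    # -checkend N exits non-zero when the certificate expires within
    # N seconds, so N=0 tests "already expired".
    if ! openssl x509 -in "$pem_file" -noout -checkend 0 >/dev/null; then
        echo "status:  EXPIRED"
        return 1
    fi
    if ! openssl x509 -in "$pem_file" -noout \
            -checkend $((warn_days * 86400)) >/dev/null; then
        echo "status:  expires within $warn_days days"
        return 1
    fi
    echo "status:  OK"
    return 0
}
```

Running the same check on the certificate exported before the reset and again after the service restart shows whether the expiry date actually changed.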

