top of page

Renew the expired vCenter STS Certificate (Signing Certificate)

Issue: Logging in to the vSphere Client fails with the error: HTTP Status 400 – Bad Request Message BadRequest, Signing certificate is not valid or error: HTTP Status 503

Steps:

- Download the attached fixsts.sh script from this article https://kb.vmware.com/s/article/76719 and upload to the impacted PSC or vCenter Server with Embedded PSC to the /tmp folder.

- If the connection to upload to the vCenter by the WINSCP client is rejected, run this from an SSH session to the vCenter: chsh -s /bin/bash

- Navigate to the /tmp directory: cd /tmp

- Run chmod +x fixsts.sh to make the file executable.

- Run ./fixsts.sh.

- Enter the password of the VC Local admin account "administrator@vsphere.local"

- Now you successfully reset the STS Cert

- Restart services on all vCenters and/or PSCs in your SSO domain by using below commands: service-control --stop --all and service-control --start --all

- Login to the vCenter and verify the STS Cert if renewed


Comments


bottom of page