Hi to all,
I have a problem with VMware 5.5 and the vSphere VM appliance: today the certificates have expired and I can't log in anymore.
This is the error: "The login request has expired due to a clock synchronization issue between vsphere web client and vcenter single sign-on"
How can I renew the expired certificate and expired CA?
Thank you.
This could occur due to the expiration of a previously replaced STS certificate. To resolve it, reset the STS certificate to the default one.
You may follow this article to resolve it: https://kb.vmware.com/s/article/2108379
Hi Shen,
Thank you for the answer.
I've followed the KB for vCenter Server Appliance (VCSA) with the suggested command.
After the message "Successfully installed VMware STS" and rebooting the system, the certificates are still expired.
When I try to log in to vSphere, it gives me this error: "Failed to connect to VMware Lookup Service https://blade-vcenter.XXX:7444/lookupservice/sdk - SSL certificate verification failed".
Any suggestion?
Thank you.
Regenerating Self-Signed SSL Certificates in VMware vCenter Server appliance 5.1 or 5.5 (2070603)
Also, just curious: do we have an underscore '_' in the hostname?
This is the output of the "source vpxd_commonutils; generate_all_certificates replace" command:
generate_all_certificates replace
Hostname or IP address have changed. Regenerating the self-signed certificates...
Regenerating the SLAPD certificate...
done.
Regenerating the vpxd certificate...
Waiting for the embedded database to start up: [OK]
VC_CFG_RESULT=659
done.
Regenerating the Inventory Service certificate...
Intializing registration provider...
Getting SSL certificates for https://blade-vcenter.XXX:7444/lookupservice/sdk
Return code is: Success
done.
WARNING: cannot execute certificate replace script '/etc/va/certs/replace/*'
Stopping vmware-stsd .. done
Stopping VMware STS IDM Server ... done
Stopping VMware Directory Service done
Certificate regeneration finished.
After the reboot the problem has not changed.
I'm going crazy 😡
>> Also, just curious: do we have an underscore '_' in the hostname?
No underscore, just " - "
Thank you.
I don't see any failure in the output you've posted; it seems the cert regeneration has gone well, but no go after the reboot. Lastly, to avoid services having the old hostname after certificate regeneration, we could regenerate the self-signed SSL certificate by using the VAMI portal. Please follow the steps below:
1. Log in to the VCSA VAMI page: https://<FQDN/IP>:5480
2. Admin > Certificate regeneration enabled > Yes
3. Network > Address > Change Hostname/IP to a temporary value (if it is DHCP then make it static)
4. Reboot
5. Log in again to the VCSA VAMI page: https://<FQDN/IP>:5480
6. Admin > Certificate regeneration enabled > Yes
7. Network > Address > Change Hostname/IP to original value
8. Reboot.
If this did not help, I guess redeploying the appliance is the last resort that I could suggest.
I followed the suggested steps with no luck; no change to the installed certificate.
If I redeploy the appliance, can I import the previous settings in some way?
Thank you.
@Kriminal,
Hey, I haven't done this myself, so I cannot comment on how well this will work. But you may give it a try.
https://kb.vmware.com/s/article/2034505
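
A way to confirm, port by port, whether a regenerated certificate is actually being served after the steps discussed in this thread. This is an added example, not part of any post above: the host name in the usage line is a placeholder, the default ports 7444 and 5480 are the ones in the URLs quoted in the thread, and it assumes a workstation with the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example, not from the thread. Host and port list are assumptions.

# Classify a PEM certificate file: unreadable | expired | expiring | ok
cert_status() {
    local pem="$1" warn_days="${2:-30}"
    # Reject input that is not a parseable certificate first; otherwise a
    # failed parse would be indistinguishable from "expired" below.
    openssl x509 -noout -in "$pem" 2>/dev/null || { echo unreadable; return; }
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$pem" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# Save the leaf certificate a TLS listener presents. No trust validation is
# done: the goal is to read an expired or self-signed certificate, not trust it.
fetch_cert() {
    local host="$1" port="$2" out="$3"
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$out" 2>/dev/null
}

# Print status and notAfter for each port, so stale listeners stand out.
check_host() {
    local host="$1"; shift
    [ $# -gt 0 ] || set -- 7444 5480
    local port tmp
    tmp="$(mktemp)"
    for port in "$@"; do
        : > "$tmp"
        fetch_cert "$host" "$port" "$tmp" || true
        printf '%s:%s %s %s\n' "$host" "$port" "$(cert_status "$tmp")" \
            "$(openssl x509 -noout -enddate -in "$tmp" 2>/dev/null)"
    done
    rm -f "$tmp"
}

# Usage: sh certcheck.sh vcenter.example.internal 7444 5480
if [ $# -gt 0 ]; then check_host "$@"; fi
```

Running it before and after a regeneration attempt shows whether the `notAfter` date on each listener changed, which separates "regeneration did not replace the certificate" from "a service is still serving the old one".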