
Replace a vCenter Server STS Certificate

What is the STS?

The vCenter Single Sign-On Security Token Service (STS) is a Web service that issues, validates, and renews security tokens.

Users present their primary credentials to the STS interface to acquire SAML tokens. The primary credential depends on the type of user.


 How to replace the STS certificates on vCenter (vCenter appliance)

Prerequisites:

    1. Take a snapshot of the vCenter VM before replacing the STS certificates.

    2. Take a backup of rui.key and rui.crt from vCenter.
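
One way to script the second prerequisite so that the copy of the private key stays owner-only and the backup can be checked before a rollback. This is an added example, not part of the original post or of VMware's tooling; `backup_certs`, `verify_backup`, the `cert-backup-*` directory name and the destination are hypothetical, and the source paths are passed in as arguments.

```shell
#!/bin/sh
# Added example, not VMware's tooling. The destination and the source paths
# are arguments; no vCenter file location is assumed here.

# verify_backup DIR: re-hash the copies in DIR against DIR/SHA256SUMS.
# Run it right after the backup and again before any restore.
verify_backup() {
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null )
}

# backup_certs DEST FILE...: copy each FILE into a new timestamped directory
# under DEST, owner-only, with a manifest hashed from the *source* files.
# Prints the backup directory on success.
backup_certs() {
    dest_root=$1
    shift
    [ "$#" -gt 0 ] || { echo "usage: backup_certs DEST FILE..." >&2; return 2; }
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    (
        umask 077    # rui.key is a private key: nothing group/world readable
        dir="$dest_root/cert-backup-$(date +%Y%m%d-%H%M%S)"
        mkdir -p "$dest_root" && mkdir "$dir" || exit 1
        for f in "$@"; do
            name=$(basename "$f")
            [ ! -e "$dir/$name" ] || { echo "duplicate name $name" >&2; exit 1; }
            # Hash the source first, so the check below proves the copy is faithful.
            sum=$(sha256sum < "$f" | cut -d' ' -f1) || exit 1
            cp "$f" "$dir/$name" || exit 1
            chmod 600 "$dir/$name"
            printf '%s  %s\n' "$sum" "$name" >> "$dir/SHA256SUMS"
        done
        verify_backup "$dir" || { echo "backup does not match source" >&2; exit 1; }
        printf '%s\n' "$dir"
    )
}
```

Call it as `backup_certs <backup-dir> <path-to>/rui.key <path-to>/rui.crt`, and run `verify_backup` on the printed directory before restoring from it.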



1.  vCenter SSH should be enabled.

2.  Download the checksts.py and fixsts.sh files from the VMware site.

     checksts.py  CLICK this link

     fixsts.sh    CLICK this link

     Once you open the above links, the files are available in the attachments.



3.  Create a directory on the vCenter appliance and upload both files to it using WinSCP or any other tool. For example, a folder named "STS".

4.  Open a PuTTY session to the vCenter appliance.

5.  Change to the directory: cd /STS

6.  Run checksts.py to check the STS certificate expiry date.

   



As per the output, the STS certificate is due to expire in the next 10 days.

Now renew the STS certificate using the steps below.

root@vCenter [ /STS ]# chmod +x fixsts.sh
root@vCenter [ /STS ]# ./fixsts.sh


It will regenerate the certificates automatically.

Then restart all vCenter services using the commands below.

root@vCenter [ /STS ]# service-control --stop --all
root@vCenter [ /STS ]# service-control --start --all


Now validate the STS certificate status by running this command: python checksts.py


Reviewed by Virtulization on April 27, 2021
