Important: In vCenter Server version
6.5U3k,
6.7 U3j, or
7.0 U1, you receive a weekly notification when the vCenter Single Sign-On Security Token Service (STS) signing certificate is close to expiration. Notifications start 90 days before the STS certificate expires and turn into daily over the last week before expiration.
To verify the expiry date of your VMware Security Token Service (STS):
HTML 5 client
Note: Available from vCenter Server 7.0 Update2 and later.
- Connect to the vSphere HTML5 client through https://vcenter_server_ip_address_or_fqdn/ui.
- From Home Menu, Select Administration.
- Under Certificates, Click on Certificate Management.
- View STS signing Certificate information.
Note: The card will have the following information:
- "Valid until" date which indicates when the certificate will expire.
- A green check for a valid certificate, and an orange check warning of a certificate expiration.
- A View Details link to show additional details of the active certificate chain.
VCSA
- Download the attached checksts.py script attached to this article.
- Upload to attached script to the VCSA or external PSC.
For example, /tmp
Note: You may use WinSCP to upload the script to VCSA. For additional information, see Error when uploading files to vCenter Server Appliance using WinSCP (2107727).
If you get an error for connecting to the VCSA via WinSCP run the following command:
chsh -s /bin/bash root as per above the link.
- Once the script has been successfully uploaded to VCSA, change the directory to /tmp.
For example:
cd /tmp
- Run python checksts.py.
Windows
- Download the attached checksts.py script attached to this article.
- Upload to attached script to the Windows Server on which vCenter Server is installed:
For example %TEMP%
- Once the script has been successfully uploaded to Windows, change the directory to %TEMP%.
- Run "%VMWARE_PYTHON_BIN%" checksts.py.
Web Client Flash
Note:
Adobe Flash Player is going End of Life (EOL) on Dec 31, 2020. The major web browser manufacturers have aligned their efforts to disable/stop running Flash applications around this date. For more information on a flash certificate, see
VMware Flash End of Life and Supportability (78589).
- Connect to the vSphere Web client through https://vcenter_server_ip_address_or_fqdn/vsphere-client.
- Select Administration > Single Sign-On > Configuration > Certificates > STS Signing.
Note: You cannot view the STS certificate from the HTML5 client.