vSphere UI

vSphere UI STS Certificate management

The vCenter Server Security Token Service (STS) is a Web service that issues, validates and renews security tokens. Traditionally vSphere Web Client (Flash) allowed users to manage STS signing certificates from UI. We are introducing the same functionality for vSphere 7.0 Update 3.

Workflow: From Administration→ Certificates→ Certificate Management, users can view the current STS certificate. In this view, you can check the validity of the current STS certificate. If you click on “View Details” you can also check the issuer or other details.

We have two options in the Actions menu for STS certificate.

1: Refresh with vCenter certificate:

2: Import and replace certificate:


1) Refresh with vCenter certificate: Replaces the existing certificate with VMware certificate authority (VMCA) generated certificate. If you are using a custom generated or third-party STS signing certificate, the refresh action overwrites that certificate with a VMCA-generated certificate. When you refresh STS signing certificates, you must restart the vCenter Server system and any other vCenter Server system that is part of an Enhanced Linked Mode configuration.

2) Import and replace certificate: You can import and replace the vCenter Server STS certificate with a custom generated or third-party certificate using the vSphere Client. Similar to refresh with vCenter workflow here also you will have to Restart the vCenter Server system, and any other vCenter Server system that is part of an Enhanced Linked Mode configuration.

For a more detailed information of the usage and requirements, please see the official documentation.

As always, please share your feedback in the comments section below or reach out to us – vSphere UI Community Team (@vSphereUI_Team


Leave a Reply

Your email address will not be published.