Smart Card Authentication stops working after upgrading to vCenter Server 7 / 8
search cancel

Smart Card Authentication stops working after upgrading to vCenter Server 7 / 8

book

Article ID: 315224

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Smart Card Authentication stops working after upgrading to vCenter Server 7 / 8 with error :User name and password are required

  • Opening browser Logs you can see: ERR_CERT_AUTHORITY_INVALID as below :

Environment

VMware vCenter Server 8.0
VMware vCenter Server 7.0.3

Cause

The issue is caused by having an untrusted certificate on port 3128.

Resolution

Change the certificate for port 3128 to use MachineSSL instead of STS_INTERNAL_CERT as below :

  1. Access the vCenter via SSH

  2. Backup the /usr/lib/vmware-sso/vmware-sts/conf/server.xml file:

    cp /usr/lib/vmware-sso/vmware-sts/conf/server.xml /usr/lib/vmware-sso/vmware-sts/conf/server.xml.bak

  3. Edit the file:

    vi /usr/lib/vmware-sso/vmware-sts/conf/server.xml

  4. Locate the line that defines the certificate and ensure the Alias and file looks as below :

    <Certificate certificateKeyAlias="__MACHINE_CERT" certificateKeystoreFile="MACHINE_SSL_CERT" certificateKeystoreType="VKS" />

  5. Restart stsd service

    service-control --restart vmware-stsd
Powered by Wolken Software