Symptoms:
When attempting to add a new Secure Token Service (STS) Signing Certificate in the vSphere Web Client, you receive the following in an Error window:
The last operation failed for the entity with the following error message.
A vCenter Single Sign-On service error occurred
You see entries in the ssoAdminServer.log similar to the following:
[2019-03-29T19:41:07.412Z pool-3-thread-4 opId=78e5a912-06e2-4934-b5f2-1b174a8eeb15 ERROR com.vmware.identity.admin.vlsi.ConfigurationManagementServiceImpl] Invalid argument in setTenantCredentials for tenant [vsphere.local]: private key does not match certificate (at index 0)
You have verified that the private key matches the leaf certificate in the chain.