After an upgrade, patch, or fresh install of vCenter Server 8.0 Update 3, smart card authentication no longer works.
When attempting to log in with a smart card on the vSphere Client GUI, the error message "User name and password are required" is displayed:
On the Chrome browser developer console, the error "net::ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS" is shown:
On the Firefox browser developer console, the error "net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED" is shown:
Finding Your Browsers Developer Console
websso.log does not show the recent smart card authentication attempt.
vCenter Server 8.0 Update 3
VMware engineering are aware of this issue and are working on the root cause.
To date this issue has not been reported on any version of vCenter Server other than 8.0 Update 3.
In all reported cases TLS version 1.3 is enabled on the domain controllers.
Before applying the workaround provided in this KB, verify:
- Trusted CA is present:
Configure vCenter Server to Request Client Certificates
- Port 3128 from clients to vCenter Server is open.
vCenter Server SmartCard Authentication doesn't work in Firefox with error "User Name and password are required"
To work around this issue:
1. SSH to the vCenter and take a backup of the global_iana.json file:
cp /var/lib/tls_settings/global_iana.json /storage/global_iana.json.backup
2. Edit the /var/lib/tls_settings/global_iana.json file and change "allow_overrides" to true:
3. Create a new file named "sts.json" at "/var/lib/tls_settings/" by copying the content from "global_iana.json":
cp /var/lib/tls_settings/global_iana.json /var/lib/tls_settings/sts.json
4. Remove the tlsv1_3 entry from /var/lib/tls_settings/sts.json
sts.json before removing tlsv1_3:
sts.json after removing tlsv1_3:
5. Restart the STS service:
service-control --restart sts
6. Log in with smart card.
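The edits in steps 2 to 4 can be previewed and checked offline before restarting STS. The following is an added example, not VMware code: only the names "allow_overrides" and "tlsv1_3" come from this KB, and the sample layout (the "protocols" and "ciphers" keys) is constructed, so the helpers walk the whole JSON tree instead of assuming where the entry sits.

```python
import copy
import json

TLS13 = "tlsv1_3"  # entry name from step 4 of the KB

def strip_entry(node, entry=TLS13):
    """Copy of node with every dict key or list item equal to entry removed."""
    if isinstance(node, dict):
        return {k: strip_entry(v, entry) for k, v in node.items() if k != entry}
    if isinstance(node, list):
        return [strip_entry(v, entry) for v in node if v != entry]
    return node

def contains_entry(node, entry=TLS13):
    """True if entry is a key, a list item, or a scalar value anywhere in node."""
    if isinstance(node, dict):
        return any(k == entry or contains_entry(v, entry) for k, v in node.items())
    if isinstance(node, list):
        return any(contains_entry(v, entry) for v in node)
    return node == entry  # scalar hit: strip_entry leaves it, so it gets reported

def build_workaround(global_cfg):
    """Steps 2-4 on parsed JSON: returns (edited global_iana.json, new sts.json)."""
    new_global = copy.deepcopy(global_cfg)
    new_global["allow_overrides"] = True   # step 2
    sts = strip_entry(new_global)          # step 3 (copy) and step 4 (remove)
    return new_global, sts

def check(global_cfg, sts_cfg):
    """List of problems; empty means both files match what the steps produce."""
    problems = []
    if global_cfg.get("allow_overrides") is not True:
        problems.append("global_iana.json: allow_overrides is not true")
    if contains_entry(sts_cfg):
        problems.append("sts.json: tlsv1_3 entry still present")
    if strip_entry(global_cfg) != sts_cfg:
        problems.append("sts.json differs from global_iana.json beyond tlsv1_3")
    return problems

# Constructed sample, NOT the real file layout.
SAMPLE_GLOBAL = {
    "allow_overrides": False,
    "protocols": ["tlsv1_3", "tlsv1_2"],
    "ciphers": {"tlsv1_3": ["TLS_AES_256_GCM_SHA384"],
                "tlsv1_2": ["ECDHE-RSA-AES256-GCM-SHA384"]},
}

if __name__ == "__main__":
    new_global, sts = build_workaround(SAMPLE_GLOBAL)
    print(json.dumps(sts, indent=2))
    print(check(new_global, sts) or "edits match steps 2-4")
```

To check real files, load both with `json.load` and pass them to `check`; the third check flags any change to sts.json other than the tlsv1_3 removal, so the TLS override stays scoped to what this workaround describes.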