I've been attempted to update the STS on a fresh installation of the VCSA 6 to replace it with custom enterprise signed certs per http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-62981EA9-FEDD-4803-9CB6-29552FE703B1.html?resultof=%2522%2573%2574%2573%2522%2520%2522%2573%2574%2522%2520.
Following the same procedures I did for 5.1, the JKS uploads fine but whenever I reboot the VCSA after uploading the JKS the majority of my vCenter services come back in an unknown state. I'm guessing my procedures for creating the JKS may not be valid anymore. Is there documentation anywhere for a preferred method of generating a JKS to replace the STS cert? I've been generating a PFX file using an enterprise signed cert with OpenSSL and then creating a JKS using my local keytool (Java 8_45) and then adding my root/intermediate cert to the JKS.
Thanks!
