You might need to re-register vCenter Server OIDC with NSX Manager in certain situations, for example when the FQDN/PNID of vCenter Server changes.


  1. Connect to the vCenter Server Appliance through SSH.
  2. Run the command shell.
  3. To get the vCenter Server thumbprint, run the follwoing command:
    - openssl s_client -connect vcenterserver-FQDN:443 </dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
    The thumbprint is displayed. For example, 08:77:43:29:E4:D1:6F:29:96:78:5F:BF:D6:45:21:F4:0E:3B:2A:68:05:99:C3:A4:89:8F:F2:0B:EA:3A:BE:9D
  4. Copy the SHA256 thumbprint and remove colons.
  5. To update the OIDC of vCenter Server, run the following command:
    curl --location --request POST 'https://<NSX-T_ADDRESS>/api/v1/trust-management/oidc-uris' \
        --header 'Content-Type: application/json' \
        --header 'Authorization: Basic <AUTH_CODE>' \
        --data-raw '{
     "oidc_type": "vcenter",
         "oidc_uri": "https://<VC_ADDRESS>/openidconnect/vsphere.local/.well-known/openid-configuration",
         "thumbprint": "<VC_THUMBPRINT>"