You might need to re-register vCenter Server OIDC with NSX Manager in certain situations, for example when the FQDN/PNID of vCenter Server changes.

Procedure

  1. Connect to the vCenter Server Appliance through SSH.
  2. Run the command shell.
  3. To get the vCenter Server thumbprint, run the following command:
    openssl s_client -connect vcenterserver-FQDN:443 </dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
    The thumbprint is displayed. For example, 08:77:43:29:E4:D1:6F:29:96:78:5F:BF:D6:45:21:F4:0E:3B:2A:68:05:99:C3:A4:89:8F:F2:0B:EA:3A:BE:9D
  4. Copy the SHA256 thumbprint and remove the colons.
    08774329E4D16F2996785FBFD64521F40E3B2A680599C3A4898FF20BEA3ABE9D
  5. To update the OIDC of vCenter Server, run the following command:
    curl --location --request POST 'https://<NSX-T_ADDRESS>/api/v1/trust-management/oidc-uris' \
        --header 'Content-Type: application/json' \
        --header 'Authorization: Basic <AUTH_CODE>' \
        --data-raw '{
            "oidc_type": "vcenter",
            "oidc_uri": "https://<VC_ADDRESS>/openidconnect/vsphere.local/.well-known/openid-configuration",
            "thumbprint": "<VC_THUMBPRINT>"
        }'
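
Steps 3 through 5 can be scripted so that the thumbprint is checked before it is placed in the request body. The following is an added example, not part of the original procedure: the function names and the host vcenter.example.test are assumptions, and the sample line is constructed from the example thumbprint in step 3.

```shell
#!/bin/sh
# Added example: steps 4 and 5 as reusable functions (names are illustrative).

# Turn openssl's "sha256 Fingerprint=AA:BB:..." line (or a bare
# colon-separated value) into the colon-free form shown in step 4.
normalize_thumbprint() {
    fp=$(printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'abcdef' 'ABCDEF')
    # Reject empty output (failed connection) and any non-hex characters.
    case "$fp" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    # A SHA-256 digest is 32 bytes = 64 hex digits; a SHA-1 fingerprint
    # or a truncated paste fails here instead of reaching NSX Manager.
    [ "${#fp}" -eq 64 ] || return 1
    printf '%s\n' "$fp"
}

# Build the JSON body from step 5 for a vCenter address and a fingerprint.
build_oidc_payload() {
    vc_address=$1
    thumbprint=$(normalize_thumbprint "$2") || return 1
    printf '{"oidc_type": "vcenter", "oidc_uri": "https://%s/openidconnect/vsphere.local/.well-known/openid-configuration", "thumbprint": "%s"}\n' \
        "$vc_address" "$thumbprint"
}

# Constructed sample: a fingerprint line in openssl's output format,
# using the example value from step 3.
SAMPLE_LINE='sha256 Fingerprint=08:77:43:29:E4:D1:6F:29:96:78:5F:BF:D6:45:21:F4:0E:3B:2A:68:05:99:C3:A4:89:8F:F2:0B:EA:3A:BE:9D'

# Print the body that would be passed to curl --data-raw in step 5.
build_oidc_payload 'vcenter.example.test' "$SAMPLE_LINE"
```

In a live run, pass the output of the step 3 command as the second argument to build_oidc_payload and supply the result to the curl command in step 5.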