You can import and replace the vCenter Server STS signing certificate with a custom-generated or third-party certificate by using the Certificate Management vCenter Signing Certificate interface.
In the usual case, you must not replace the vCenter Server STS signing certificate, because it is not an external-facing certificate. The STS is an internal service that enables communication between the various vSphere services. A fresh installation of vSphere 7.0 or later comes with a signing certificate that is issued with a default duration of 10 years. Replace the STS signing certificate with a custom or third-party certificate only if your company security policy requires you to do so.
Prerequisites
Verify that you are connected to a vSphere Automation API server.
Verify that the custom-generated or third-party certificate chain and private key are available on your machine.
Verify that you have the
privilege.