Problem: None of our users (including admin@system-domain) could log in via the web client. The normal vSphere client was accepting logins.

 

Looking at the vsphere_client_virgo.log file in C:\Program Files\VMware\Infrastructure\SSOServer\security\ we could see the following error:

[2013-11-21 10:55:57.553] ERROR [ERROR] http-bio-9443-exec-29        9D007B355802AF829F8A1DF1B5D4EFD6 com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   Error during authentication com.vmware.vise.vim.security.sso.exception.SsoServiceException: java.security.cert.CertificateExpiredException: certificate expired on 20131107113017GMT+00:00

 

All certificates looked up to date. However, when browsing the C:\Program Files\VMware\Infrastructure\SSOServer\security\ directory we noticed there were no certiifcates present. I'm pretty sure they havent been deleted by another user and I certainly never removed them. It appears the modified date of other files in that directory were 07/11/2012 which is directly a year earlier than when this error started to appear ("20131107113017GMT+00:00"). 

This was a bit odd. However I copied over one of our other certificates into this directory, renamed it to rui.crt and then restarted the Web Client and SSO services.

All working now.