Is it possible to delete an STS Signing Chain from SSO?

Hi all,


I have an external vCenter 6.0 u2 appliance connected to an external 6.0 u2 PSC appliance.


In the past some other PSCs have been used but then they were decommissioned and deleted and the vCenter was pointed to a newer PSC.


When I look in the Certificates > STS Signing tab of the SSO configuration, I see multiple STS Signing Certificates listed.

Some of the certificate chains are related to the old/deleted PSCs.


I have tried to highlight the redundant certificate chain and then use the Remove option from the Web Client console; however, I get an error that the removal did not succeed.


I believe these older chains relating to the now non-existent PSCs are not affecting anything; however, for the sake of having a cleaner console, I have the following questions:


1) Is there a way to remove them from the console/SSO?

2) Do I need to worry about removing them, or can I just leave them and nothing will be affected?

3) Why would I be unable to remove them from the console using the button that is given to do precisely that?


Thanks in advance