To authenticate against vCenter SSO, solution users uses certificates to establish a secure connection. A solution user presents the certificate to vCenter SSO in 3 cases:
- When solution user authenticates against sso for very first time.
- After a reboot, and
- After a timeout has elapsed.
The timeout value can be set from the Web Client. The default value for this is 2592000 seconds (30 days). To change the default value, login to vSphere Web Client and navigate to Administration > Single Sign-On > Configuration > Policies > Token Policy.
On few blogs I read the following steps for configuring ssl timeouts.
We can configure SSL timeouts for ESXi by editing a configuration file on the ESXi host.
Timeout periods can be set for 2 types of idle connections:
1: The Read Timeout setting applies to connections that have completed the SSL handshake process with port 443 of ESXi.
2: The Handshake Timeout setting applies to connections that have not completed the SSL handshake process on port 443 of ESXi.
Both connection timeouts are set in milliseconds. Idle connections are disconnected after the timeout period. By default, fully established SSL connections have a timeout of infinity.
I am running vSphere 6.0 U3 in my lab and I can’t find the readTimeoutMS and handshakeTimeoutMs fields in config.xml file.
I hope you find this post informational. Feel free to share this on social media if it is worth sharing. Be sociable 🙂