Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Virtualization / VMWare / Removing VMWare vCenter Self-Signed Certificate Warning

July 27, 2016 VMWare

Removing VMWare vCenter Self-Signed Certificate Warning

When connecting to a VMWare vCenter server using a web-browser, there appears a warning of self-signed certificate issued by an untrusted certification authority. In Firefox, this warning can be disabled just by adding a vCenter website to the list of exceptions, but in Internet Explorer the procedure is more complicated.

SSL certificates installed by default with ESXi and vCenter servers are self-signed, so other systems do not trust them and show a warning or block the connection with these websites. To disable the warning of a self-signed certificate, you can add the self-signed certificate it the list of trusted certificates or replace the certificate with your own one issued by a trusted certification authority. We’ll consider the first variant, the procedure is trivial, but there are some not quite obvious moments.

So when opening a vCenter server webpage in the browser, a window with the following warning appears:

There is a problem with this website’s security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

The security certificate presented by this website was not issued by a trusted certificate authority.

Note. The warning The security certificate presented by this website was issued for a different website’s address is shown since in our case the host name is different from the CN name, for which the certificate is issued. In order this warning is not shown, in the browser you have to open the FQDN server name, for which the certificate is issued. By the way, to make it more convenient you can replace this certificate for your own one created using New-SelfSignedCertificate cmdlet, which allows to issue a certificate for any set of CN.

Having clicked Continue to this website link (not recommended), you can go to vCenter getting started page. To download the certificate, click Download trusted root CA certificates.

vCenter Download trusted root CA certificates

Save the file to any directory. The name of the file is download (with no extension).

vmware download file

Then change the extension of download to download.zip and extract it with the built-in archiver  (Extract All).

extract certificate archive

The cert archive contains 2 files with the extensions .0 and .r0. Change the file extension .0 to .cer.

vsphere certificate file

Now you only have to add this root CA certificate to the list of trusted certificates. Suppose, we want this certificate to be trusted only with the current account. Open certmgr.msc console, go to Certificates > Trusted Root Certification Authorities and open the certificate import wizard (Import) in the context menu.

import certificate using certmgr console

certificate import wizard

Select the certificate file obtained earlier and place it to the Trusted Root Certification Authorities store.

 Trusted Root Certification Authorities

Submit adding the certificate.

security warning

A new certificate with the name CA appears in the list.

certificate ca

Open the vCenter webpage in the browser again. The warning won’t appear.

vsphere login page

Note. If you need to expand this certificate to domain computers, you can use the group policy features (How to Install a Certificate on Domain Computers Using GPO)

These guidelines are applicable to vCenter Server Appliance, if you are using Windows vCenter Server, you won’t be able to download the certificate file, since there will be no link to download the archive with the certificate. This file is stored on vCenter Server (running Windows) in C:\ProgramData\VMware\SSL\. (C:\Programdata\VMware\VMware VirtualCenter\SSL in earlier versions.) The certificate from this directory has to be imported on a client in the same way.

0 comment
1
Facebook Twitter Google + Pinterest
previous post
Fixing High Memory Usage by Metafile on Windows Server 2008 R2
next post
Restore Missing CD/DVD Drive in Windows 10

Related Reading

Accessing USB Flash Drive from VMWare ESXi

February 26, 2021

FAQ: Live Migration of Virtual Machines with VMWare...

November 19, 2020

VMWare Error: Unable to Access a File Since...

October 1, 2020

How to Enable and Configure SNMP on VMWare...

September 7, 2020

Selecting the Number of vCPUs and Cores for...

August 18, 2020

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • Accessing USB Flash Drive from VMWare ESXi

    February 26, 2021
  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10

    February 5, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Reset Root Password in VMware vCenter Appliance
  • VMware vSphere 6.5 Licensing Guide
  • How to Remove an Inactive NFS Datastore on VMWare ESXi Host
  • VMware Converter: Synchronize changes when perfoming P2V or V2V
  • Backing Up VMWare Virtual Machines Using Altaro VM Backup
  • How to Upgrade VM Hardware Version in VMWare ESXi
  • Tuning Windows Performance for Use in Virtual Environment
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top