When connecting to a VMWare vCenter server using a web-browser, there appears a warning of self-signed certificate issued by an untrusted certification authority. In Firefox, this warning can be disabled just by adding a vCenter website to the list of exceptions, but in Internet Explorer the procedure is more complicated.
SSL certificates installed by default with ESXi and vCenter servers are self-signed, so other systems do not trust them and show a warning or block the connection with these websites. To disable the warning of a self-signed certificate, you can add the self-signed certificate it the list of trusted certificates or replace the certificate with your own one issued by a trusted certification authority. We’ll consider the first variant, the procedure is trivial, but there are some not quite obvious moments.
So when opening a vCenter server webpage in the browser, a window with the following warning appears:
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website’s address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
Having clicked Continue to this website link (not recommended), you can go to vCenter getting started page. To download the certificate, click Download trusted root CA certificates.
Save the file to any directory. The name of the file is download (with no extension).
Then change the extension of download to download.zip and extract it with the built-in archiver (Extract All).
The cert archive contains 2 files with the extensions .0 and .r0. Change the file extension .0 to .cer.
Now you only have to add this root CA certificate to the list of trusted certificates. Suppose, we want this certificate to be trusted only with the current account. Open certmgr.msc console, go to Certificates > Trusted Root Certification Authorities and open the certificate import wizard (Import) in the context menu.
Select the certificate file obtained earlier and place it to the Trusted Root Certification Authorities store.
Submit adding the certificate.
A new certificate with the name CA appears in the list.
Open the vCenter webpage in the browser again. The warning won’t appear.
These guidelines are applicable to vCenter Server Appliance, if you are using Windows vCenter Server, you won’t be able to download the certificate file, since there will be no link to download the archive with the certificate. This file is stored on vCenter Server (running Windows) in C:\ProgramData\VMware\SSL\. (C:\Programdata\VMware\VMware VirtualCenter\SSL in earlier versions.) The certificate from this directory has to be imported on a client in the same way.