VMware vCenter – Download trusted root CA certificates

Welcome to my VMware vSphere series. In this section I will post different tips and tricks that will sort some common issues I have to tackle from time to time.

I recently experienced a problem when adding vCenter to my App Volumes setup. I figured this was related to certificates, as explained by VMware here: Unable to add vCenter to VMware App Volumes 3.0 This is also the cause when I experience problems uploading files to a datastore from vCenter.

To sort this issue I had to import my vCenter’s root CA certificates to my Windows Server hosting my App Volumes installation.

Start the web-browser directly to the vCenter GUI without appending port numbers or ‘vsphere-client’ extension. From this web-page I can download the trusted root CA certificates

Download_vCenter_Default_Certs-01

 

I unzip the download.zip file, browse to certs\win and import the certificate to Trusted Root Certification Authorities. I select Local Machine as Store Location, Next.

Download_vCenter_Default_Certs-03

 

I select Trusted Root Certification Authorities as Certificate Store, Next

Download_vCenter_Default_Certs-04

 

I complete the Certificate Import Wizard, Finish.

Download_vCenter_Default_Certs-05

 

If I only had one server that would need this root CA Certificate, this would be a viable solution, but in order to roll out this CA Certificate to other servers, I can use the GPO I created in my session about Windows CA, posted here: Microsoft Windows Server 2016 CA – Setup

 

I open Group Policy Management and edit my Root-CA GPO

Download_vCenter_Default_Certs-06

Download_vCenter_Default_Certs-07

 

I import my vCenter root CA Certificate to Trusted Root Certification Authorities

Download_vCenter_Default_Certs-08

 

The Store Location is automatically Local Machine, Next

Download_vCenter_Default_Certs-09

 

I browse and select my downloaded crt-file, Next

Download_vCenter_Default_Certs-10

 

The Certificate Store looks correct, Next

Download_vCenter_Default_Certs-11

 

I complete the Certificate Import Wizard, Finish.

Download_vCenter_Default_Certs-12

 

Successful is always nice

Download_vCenter_Default_Certs-13

 

The certificate is now present and ready for deployment

Download_vCenter_Default_Certs-14

 

I now log back into the server with the certificate-problem and do a gpupdate /force in an administrative command prompt.

Download_vCenter_Default_Certs-15

 

While this procedures fixes the issues in IE and Chrome, Firefox is another issue. The certificate has to be manually imported into Firefox.

 

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.