bjosoren's IT-Tech blog

IT-Tech blog about different tried and tested solutions based on vmware, microsoft, linux and more tips and tricks

VMware vCenter – Download trusted root CA certificates

Welcome to my VMware vSphere series. In this section I will post different tips and tricks that will sort some common issues I have to tackle from time to time.

I recently experienced a problem when adding vCenter to my App Volumes setup. I figured this was related to certificates, as explained by VMware here: Unable to add vCenter to VMware App Volumes 3.0 This is also the cause when I experience problems uploading files to a datastore from vCenter.

To sort this issue I had to import my vCenter’s root CA certificates to my Windows Server hosting my App Volumes installation.

Start the web-browser directly to the vCenter GUI without appending port numbers or ‘vsphere-client’ extension. From this web-page I can download the trusted root CA certificates

I unzip the download.zip file, browse to certs\win and import the certificate to Trusted Root Certification Authorities. I select Local Machine as Store Location, Next.

Download_vCenter_Default_Certs-03

I select Trusted Root Certification Authorities as Certificate Store, Next

Download_vCenter_Default_Certs-04

I complete the Certificate Import Wizard, Finish.

Download_vCenter_Default_Certs-05

If I only had one server that would need this root CA Certificate, this would be a viable solution, but in order to roll out this CA Certificate to other servers, I can use the GPO I created in my session about Windows CA, posted here: Microsoft Windows Server 2016 CA – Setup

I open Group Policy Management and edit my Root-CA GPO

I import my vCenter root CA Certificate to Trusted Root Certification Authorities

The Store Location is automatically Local Machine, Next

Download_vCenter_Default_Certs-09

I browse and select my downloaded crt-file, Next

Download_vCenter_Default_Certs-10

The Certificate Store looks correct, Next

Download_vCenter_Default_Certs-11

I complete the Certificate Import Wizard, Finish.

Download_vCenter_Default_Certs-12

Successful is always nice

Download_vCenter_Default_Certs-13

The certificate is now present and ready for deployment

I now log back into the server with the certificate-problem and do a gpupdate /force in an administrative command prompt.

Download_vCenter_Default_Certs-15

While this procedures fixes the issues in IE and Chrome, Firefox is another issue. The certificate has to be manually imported into Firefox.

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: