This is a usual situation. You connect to vCenter with self-signed certificate installed and you get this warning on your web browser, that the security certificate presented by this website was not issued by a trusted certificate authority. It’s normal as the certificate isn’t really trusted by nobody, but you. And it’s you who gets this message. It’s possible to Stop the Self-Signed Cert warning when connecting to vCenter quite easily (if you know how to do that). That’s why this post.
This walk through is valid for Internet explorer. For Firefox it’s a bit easier as you just have to follow the link called I Understand the risk and add a Security Exception. But IE users might be interested.
Let’s get started. Basically when you first connect to vCenter server you’ll see your web browser complaining about problem with this website’s security certificate. It’s a web page like this. Click the Continue to this website link (not recommended).
When you do this you get this view where you can click on a link Download trusted root CA certificates.
Click the link and go to your download folder where you’ll find a file called download without an extension. Click save. You’ll find the file in the Download folder, and it’s name is Download too….
Next step is quite unattended. You’ll have to change the extension and rename the file to download.zip in order to be able to extract the files (yes there are more than 1 file inside this file) from it…
So far so good. Now we need to extract the files out of the compressed file. Do a right click and select Extract All. You’ll see that there are 2 files inside of the newly created folder called certs….
If you look closer, one of the files is with extension .0 and the other one with .r0
What we need is the .0
We’ll rename the file to .cer
That’s it. Now it gets an icon which is recognized by your (Windows) machine…
Now you’ll need a cert manager console. Let’s open cmd with admin priviledges. (I assume that you know how to do that, depending on which system you’re working, if it’s joined to a domain and if the user has local admin rights on that system.
certmgr.msc is the command
And it will open this console.. Do a right click on the sub-folder Certificates in the Trusted Root Certification Authorities > Import
You’ll see an assistant like this..
Go and browse for the certificate…
The Trusted Root certification authorities certificate store is pre selected. Click the next button to import the certificate.
And the final confirmation looks like this…
You can verify within the console that the certificate (called CA) is there…
And now when you close and start again your browser, you don’t see a warning… -:)
As you could see, the procedure is quite simple to follow. I hope you have enjoyed it…