2 Replies Latest reply on May 15, 2019 12:41 AM by len_rat

    Does vSphere 6.7 sdk handle certificates differently from 6.5?

    abmark Lurker

      Using vSphere sdk 6.5 the communication works perfectly.
      Using vSphere sdk 6.7  (and 6.5) on vCenter 6.7, the communication does not work and I receive the following message:
      "An error occurred while making the HTTP request to https://10.78.13.45/sdk. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server."

       

      Everything ESXi(s) work(s) fine, as well vCenter, just I am not able to communicate with vCenter using sdk 6.7.

        • 1. Re: Does vSphere 6.7 sdk handle certificates differently from 6.5?
          peetz Master
          vExpertUser Moderators

          Hi Alesandro,

           

          this is pobably related to TLS version support changes in vSphere 6.7. vSphere 6.7 supports only TLS 1.2 (but not 1.1 or 1.0 by default).

          More info here: Support for Transport Security Layer 1.2 and here: VMware Knowledge Base

          This KB article  explains how to enable TLS 1.2 e.g. for PowerCLI (and other .NET Framework based programs): VMware Knowledge Base

           

          - Andreas

          • 2. Re: Does vSphere 6.7 sdk handle certificates differently from 6.5?
            len_rat Lurker

            I had a simular issue because I used another powershell module that used the older SSLv3 and TLS1. After commands form the non-powercli module where finished the whole powershell instance was reverted back to the default security mechanism. Then powercli will revert also back to the use of TLS which is not supported by default on Vcenter 6.7. Three possible solutions are:

             

            -     Easiest but not recommended: Revert vcenter back to use older TLS versions

            -     Run the commands for the other module in a seperate powershell instance, background job (start-job)

            -     After the other module commands are completed revert the session backup to TLS1.2

                           [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12