VMware Cloud Community
BenFB
Virtuoso
Virtuoso
‎03-27-2018 11:08 AM
Jump to solution

How do you configure the PowerCLI Trusted Certificate Store (SslCertificateExceptions.csv)?

We have PowerCLI 10 installed on a Windows 10 linked clone (Horizon 7). Even though our PSC/VCSA have valid certificates using the VMCA with an intermediate certificate from our internal CA we still receive a invalid certificate when trying to connect using Connect-VIServer. I look at the documentation and found that a PowerCLI Trusted Certificate Store (SslCertificateExceptions.csv) file needs to be configured. Unfortunately we do not have this file on our Windows 10 machines as an example to configure.

https://code.vmware.com/doc/preview?id=6330#/doc/about_invalid_certificates.html

1. Does PowerCLI use the Windows Certificate Store?

2. How do we configure the PowerCLI Trusted Certificate Store (SslCertificateExceptions.csv) file?

0 Kudos
1 Solution

Accepted Solutions
BenFB
Virtuoso
Virtuoso
‎03-27-2018 02:09 PM
Jump to solution

Unfortunately the certificate_thumbprint is blank. I was able to build the csv file using the thumbprints returned from Connect-VIServer and I saved that to C:\ProgramData\VMware\PowerCLI. This worked perfectly.

It's a CSV with no headers with each line containing vCenter server name,thumbprint (e.g. vcenter01,0000000000000000000000000000000000000000).

View solution in original post

0 Kudos
2 Replies
LucD
Leadership
Leadership
‎03-27-2018 12:49 PM
Jump to solution

Afaik it's a simple CSV file, just 2 columns, the servername (of the VCSA), and the thumbprint of the certificate for that VCSA.

Connect to the vCenter(s), make sure the certificates are installed, and then create the file with something like this

$report = @()

foreach($vc in $global:defaultviservers){

    $report += New-Object PSObject -Property (

        [ordered]@{

            server_address = $vc.Name

            certificate_thumbprint = (Get-ChildItem Cert:\LocalMachine -Recurse | where{$_.Issuer -match $vc.Name}).Thumbprint

        })

}

$report | Export-Csv -Path "$($env:APPDATA)\VMware\PowerCLI\SslCertificateExceptions.csv" -NoTypeInformation -UseCulture


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
BenFB
Virtuoso
Virtuoso
‎03-27-2018 02:09 PM
Jump to solution

Unfortunately the certificate_thumbprint is blank. I was able to build the csv file using the thumbprints returned from Connect-VIServer and I saved that to C:\ProgramData\VMware\PowerCLI. This worked perfectly.

It's a CSV with no headers with each line containing vCenter server name,thumbprint (e.g. vcenter01,0000000000000000000000000000000000000000).

0 Kudos