We have PowerCLI 10 installed on a Windows 10 linked clone (Horizon 7). Even though our PSC/VCSA have valid certificates using the VMCA with an intermediate certificate from our internal CA we still receive a invalid certificate when trying to connect using Connect-VIServer. I look at the documentation and found that a PowerCLI Trusted Certificate Store (SslCertificateExceptions.csv) file needs to be configured. Unfortunately we do not have this file on our Windows 10 machines as an example to configure.
https://code.vmware.com/doc/preview?id=6330#/doc/about_invalid_certificates.html
1. Does PowerCLI use the Windows Certificate Store?
2. How do we configure the PowerCLI Trusted Certificate Store (SslCertificateExceptions.csv) file?
Unfortunately the certificate_thumbprint is blank. I was able to build the csv file using the thumbprints returned from Connect-VIServer and I saved that to C:\ProgramData\VMware\PowerCLI. This worked perfectly.
It's a CSV with no headers with each line containing vCenter server name,thumbprint (e.g. vcenter01,0000000000000000000000000000000000000000).
Afaik it's a simple CSV file, just 2 columns, the servername (of the VCSA), and the thumbprint of the certificate for that VCSA.
Connect to the vCenter(s), make sure the certificates are installed, and then create the file with something like this
$report = @()
foreach($vc in $global:defaultviservers){
$report += New-Object PSObject -Property (
[ordered]@{
server_address = $vc.Name
certificate_thumbprint = (Get-ChildItem Cert:\LocalMachine -Recurse | where{$_.Issuer -match $vc.Name}).Thumbprint
})
}
$report | Export-Csv -Path "$($env:APPDATA)\VMware\PowerCLI\SslCertificateExceptions.csv" -NoTypeInformation -UseCulture
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Unfortunately the certificate_thumbprint is blank. I was able to build the csv file using the thumbprints returned from Connect-VIServer and I saved that to C:\ProgramData\VMware\PowerCLI. This worked perfectly.
It's a CSV with no headers with each line containing vCenter server name,thumbprint (e.g. vcenter01,0000000000000000000000000000000000000000).