I recently upgraded to Powershell v.5.01 and now I am seeing something new when to connect to my vCenter server.
$vCenter="my-cVenter-FQDN"
and I get:
Connecting to vCenter ...
WARNING: There were one or more problems with the server certificate:
* The X509 chain could not be built up to the root certificate.
* The certificate's CN name does not match the passed value.
Certificate: [Subject]
E=support@vmware.com, CN=VMware default certificate, OU="VMware, Inc.", O="VMware, Inc."
[Issuer]
O=VMware Installer
[Serial Number]
116C6FA5
[Not Before]
6/9/2011 2:38:48 PM
[Not After]
6/6/2021 2:38:48 PM
[Thumbprint]
3075FD19521FBF00CDA8ACC3D2B2FBB6B454A611
The server certificate is not valid.
WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A FUTURE RELEASE. To ensure scripts are not affected by the change, use Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction option.
so:
1. I have added the certificate from my vCenter to my cert store (both "Trusted Root Certifcation Authorities" and "3rd Party Root Certification Authorities" , which should take care of the "build up to root certificate", I thought. If not, what should I have done with this certificate, to avoid these warnings/errors?
2. I guess I should be issuning a "set-PowerCLIConfiguration -InvalidCertificationAction Ignore" for future use?
Yes, use the Set-PowerCLIConfiguration, as you mentioned in point 2.
That should avoid the warning.
Best is to avoid the warning alltogether, with an official certificate or a self-signed certificate,
See KB2009857 in the latter case.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes, use the Set-PowerCLIConfiguration, as you mentioned in point 2.
That should avoid the warning.
Best is to avoid the warning alltogether, with an official certificate or a self-signed certificate,
See KB2009857 in the latter case.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes, applying the command would help suppressing the warning while try connecting server through powercli.
set-PowerCLIConfiguration -InvalidCertificationAction Ignore