certificate import error

ganapa2000 · ‎02-28-2019

Hi,

I am getting the below error while I try to run the below script to import the certificate

Please help

Error:

Testing vCenter URL https://pocvcenter65:5480

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 10.10.10.10:5480

at System.Net.Sockets.Socket.InternalEndConnect(IAsyncResult asyncResult)

at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exc

eption)

--- End of inner exception stack trace ---

at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)

at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()

Downloading VC SSL Certificate from https://pocvcenter65/certs/download.zip to C:\Users\adm\Desktop\cert.zip

Importing to VC SSL Certificate to Certificate Store

System.Management.Automation.MethodInvocationException: Exception calling ".ctor" with "1" argument(s): "The system cannot find the file specified.

" ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)

at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)

at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)

at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName)

--- End of inner exception stack trace ---

at System.Management.Automation.DotNetAdapter.AuxiliaryConstructorInvoke(MethodInformation methodInformation, Object[] arguments, Object[] originalArguments)

at System.Management.Automation.DotNetAdapter.ConstructorInvokeDotNet(Type type, ConstructorInfo[] constructors, Object[] arguments)

at Microsoft.PowerShell.Commands.NewObjectCommand.CallConstructor(Type type, ConstructorInfo[] constructors, Object[] args)

Cleaning up, deleting C:\Users\adm\Desktop\cert.zip

Cleaning up, deleting C:\Users\adm\Desktop\certs

LucD · ‎02-28-2019

The initial Invoke-WebRequest fails since the target doesn't seem to allow the connection.

Any FW rules in place?

Can you do the download from the Web Client?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

ganapa2000 · ‎02-28-2019

No Firewall, I am able to download manually from web-client

LucD · ‎02-28-2019

In any case, the error seems to indicate that the VCSA refuses the connection.

You can check if this works.

$vcsaName = 'your-vcsa-fqdn'

$uri = "https://$($vcsaName):5480"

Invoke-WebRequest -Uri $uri -TimeoutSec 5

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

ganapa2000 · ‎02-28-2019

Hi LucD,

Now, I am getting below error

Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

At line:1 char:1

+ Invoke-WebRequest -Uri $uri -TimeoutSec 5

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException

+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

LucD · ‎03-01-2019

Have you checked KB2137109?

And WIlliam's Auditing & Automating Disabled Protocols (TLS/SSLv3) for ESXi 6.0u3 & 6.5 using PowerCLI post?

What PowerCLI version are you using?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

ganapa2000 · ‎03-01-2019

I am using VMware.PowerCLI 10.0.0.7895300

LucD · ‎03-01-2019

And what about the SSL/TLS?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

certificate import error