siddjayy
Enthusiast
Enthusiast

Change Vcenter/vsphere IP address display in browser from unsecure to secure

Jump to solution

Hi Experts,

First of all I apologize for not putting the correct heading for the topic.

I am running vcenter and and esxi hosts, but whenever I access it using IP address, I get the "not secure" warning on browser.

pastedImage_0.png

I know this has to do with certification but have no idea how to proceed. Any links/insights would be much appreciated.

Thanks & Regards,

Siddhesh

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal

The correct way to do this based on what you want is to, first, have a proper DNS that is functional. And then to create a root certificate authority in your environment and integrate it into Active Directory (assuming you're using it). Replace the machine certificates with ones signed by your CA and propagate that root cert to all the machines in your domain. When they attempt to login to vCenter, the root cert that signed its cert will be trusted and therefore their browsers won't complain any more.

View solution in original post

0 Kudos
9 Replies
daphnissov
Immortal
Immortal

You basically have two options to remove nagging browser warnings:

  1. Install and trust the certificates locally on your machine(s).
  2. Replace certificates with CA-signed certs from an authority you already trust.
0 Kudos
siddjayy
Enthusiast
Enthusiast

Hello Daphnissov,

I knew you would come to rescue.Smiley Happy .Thank you very much.

1. How do I proceed with that? I am sorry but I have never done that. Any link to guide/documentation.

2. Do you mean certification authorities like verisign, goDaddy etc. ?

Thanks,

Siddhesh

0 Kudos
daphnissov
Immortal
Immortal

Well, first of all, we need to know what you have and on what versions. You said "vcenter and esxi hosts" but how many? What version? Next, what is it you want to do here? Do you just want to remove the annoying browser warnings, or do you want/need to integrate with a PKI system?

0 Kudos
siddjayy
Enthusiast
Enthusiast

Ok.

pastedImage_0.png

Over here , 5.4 , 5.5 , 5.6 (3)servers form the vCenter 6.5 High Availability with each one having Active, Passive and Witness VMs.

5.9, 5.10 (2) servers with vsphere 6.0u3 are part of HA/FT cluster and are managed by vcenter( IP address 5.8) .

Yes, all I want is to remove the browser warnings and just want to see  it as secure.

pastedImage_1.png

Basically, If I access 10.0.5.8 from any machine that is connected to VPN and is able to access the said address, then it should show secure instead of the warning.

Thanks a lot.

Regards,

Siddhesh

0 Kudos
daphnissov
Immortal
Immortal

Do you not have DNS in your environment? First step is going to be to destroy your vCHA configuration and use FQDNs for vCenter and all its hosts, then re-create. Do you want to eliminate browser warnings just for one workstation or a bunch? Do you have a PKI in place in your environment or not?

0 Kudos
siddjayy
Enthusiast
Enthusiast

1. We don't have any DNS yet. Will be building one soon.

2. Browser warning for any machine that is able to access the ip address/fqdn

Thanks,

Siddhesh

0 Kudos
daphnissov
Immortal
Immortal

The correct way to do this based on what you want is to, first, have a proper DNS that is functional. And then to create a root certificate authority in your environment and integrate it into Active Directory (assuming you're using it). Replace the machine certificates with ones signed by your CA and propagate that root cert to all the machines in your domain. When they attempt to login to vCenter, the root cert that signed its cert will be trusted and therefore their browsers won't complain any more.

View solution in original post

0 Kudos
siddjayy
Enthusiast
Enthusiast

daphnissov

Thank you  very much for the complete picture.You're the best!! One last question " your CA" can be any third party CA like verisign or goDaddy?

Regards,

Siddhesh

0 Kudos
daphnissov
Immortal
Immortal

It could be a third-party CA like the commercial ones you mentioned, sure, but be warned that vSphere does not support wildcard certificates. So if you've already purchased one, that won't work for vCenter and related components. For your reading pleasure: https://kb.vmware.com/s/article/2111219

0 Kudos