Lagardia
Enthusiast

ESXi 6.7 Certificate driving me crazy!!

Hi, I have just installed ESXi 6.7 in a home lab.

IP address is 192.168.0.100

Name is vcenter01.rob.com

I can ping from my laptop

How can I get rid of the certificate warning when accessing it either by IP address or name using Chrome?

I just want to be able to access https://vcenter01.rob.com securely and log in without any warnings.

(One of the virtuals I have is Citrix XenDesktop 7.17 running on Windows Server 2016 and it requires a secure connection to my ESX host.)

Just want simplest step-by-step instructions. (Screenshots maybe.) How hard can this be??

Note this is 6.7 not 6.0 or 6.5 so in my browser (Chrome, IE, Firefox) I do not get an option to download the certificate.

Spent literally hours on this so someone please put me out of my misery.

19 Replies
Raj1988
Enthusiast

Download the certificate from the browser link and add it to trusted root. This would only help on the local machine.

If not you need custom certs.

For VC follow http://woshub.com/removing-vmware-vcenter-self-signed-certificate-warning/

0 Kudos
Lagardia
Enthusiast

I do not get an option to download the certificate

0 Kudos
a_p_
Leadership

Welcome to the Community,

just to make sure I understand this correctly. You are talking about an ESXi certificate, but mention vCenter Server.

Is this about accessing the ESXi host directly, or a vCenter Server instance? Only vCenter Server has an option to download certificates.

André

0 Kudos
Lagardia
Enthusiast

Accessing ESXi host directly using a web browser to administer it.

0 Kudos
a_p_
Leadership

What you may check is whether it is possible to make XenDesktop aware of the ESXi host's self-signed certificate (e.g. place it in some kind of trusted certificates store), or purchase an official certificate for the ESXi host.

André

0 Kudos
Lagardia
Enthusiast

Are you serious??

If you don't know what you are talking about don't leave a comment.

0 Kudos
IRIX201110141
Virtuoso

Hello,

Like in the previous versions of the VCSA there is a download link called "Download trusted Root CA Certs" in the LOWER RIGHT corner of the VCSA start page (where you can select to start webclient or html5). It's a zip and contains the CA chain (root CA and host cert). Both have to be imported in your local CA store (depends on OS or used browser). After doing this and a restart of your browser you don't get any warning about untrusted cert in your browser.

Regards,

Joerg

0 Kudos
Lagardia
Enthusiast

What is the link to the VCSA start page url?

That's the bit I'm missing ….

http://server name//

0 Kudos
Lagardia
Enthusiast

If this is my ESX server

https://vcenter01.rob.com/

What is the VCSA start page url going to be??

0 Kudos
IRIX201110141
Virtuoso

If you name something "vcenter01" I would expect that you are talking about the vCenter server which is the VCSA (Linux-based appliance) and is used as a central management solution of multiple ESXi hosts and for using all the cluster and adv. stuff.

Yes, "https://vcenter01.rob.com" should be the start page. But you can compare to the following screenshot and in the lower right you will see the download link.

[Screenshot: vcsa.PNG]

Regards,

Joerg

0 Kudos
Lagardia
Enthusiast

This is the problem, I don't get this screen … I just get the logon screen which takes me into the admin screen where I create my virtual servers etc.

0 Kudos
diegodco31
Leadership

Hi, you need to import the Root CA of the vCenter Server to the Citrix server.

Connect to the Citrix desktop, open Internet Explorer and follow step by step:

How To Install the Root Self-Signed Certificate from vCenter 6.0 -- Virtualization Review

Other links:

Using the default VMware vCenter server certificate in XenDesktop POCs | Citrix Blogs

Setup the default VMware vCenter server certificate in XenApp | Ervik.as - EUC, HCI, Cloud and Virtu...

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego
0 Kudos
daphnissov
Immortal

Alright, the previous poster is confused. You aren't running vCenter, just a standalone host. There is no vCSA start page. But why you've decided to call this host "vcenter01" is strange. In any case, in Chrome press F12 and go to the Security tab when logged into your ESXi host's web GUI. Download the certificate it is presenting to your machine. Double-click and add it to trusted root certificate store.

sk84
Expert

Why are you so aggressive? We are trying to help you here and your details are not as clear as you think. And most people here aren't VMware employees either. We help others here in our free time. Therefore, a more friendly tone would be appropriate.

But back to your problem. What I don't understand is the following:

You write that you want the certificate for ESXi, but try to access the domain "vcenter01.rob.com". This is confusing. But you also write that you are redirected directly to the login screen and do not see the start page in the screenshot.

However, this start page only appears for the vCenter. If you access the ESXi host directly via the host client, the login window appears directly. That's normal.

So, either you have a vCenter running, then use this URL, or if you only have an ESXi host without vCenter, then try the following instructions for the Chrome browser:

- In the address bar, click on the left side on the lock symbol

- Choose the menu option "certificate" (a new window will pop up)

- Click on the tab "Details"

- Click on "Copy to file" and save the certificate file

- Close the Chrome browser

- Double-click the newly created file and run the Windows Import Wizard

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
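Both export procedures above end with adding the saved file to the trusted root store. As an added example (not part of any post in this thread), the Python script below compares the SHA-256 fingerprint of the exported file with a reference value before the import; the reference fingerprint, assumed to be read from the host itself over a channel you already trust, and the constructed sample bytes are assumptions. It accepts both binary (DER) and Base-64 (PEM) exports, which hash differently as files but share one certificate fingerprint.

```python
import hashlib
import ssl
import sys

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder bytes standing in for an exported certificate.
# Not a real certificate; hashing never parses the content.
SAMPLE_DER = bytes.fromhex("3082000c") + b"constructed!"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def der_bytes(exported: bytes) -> bytes:
    """Return DER bytes for a binary (DER) or Base-64 (PEM) export."""
    if exported.strip().startswith(PEM_MARKER):
        return ssl.PEM_cert_to_DER_cert(exported.decode("ascii"))
    return exported


def sha256_fingerprint(exported: bytes) -> str:
    """SHA-256 over the DER encoding, formatted AA:BB:... like a browser."""
    digest = hashlib.sha256(der_bytes(exported)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def normalise(fingerprint: str) -> str:
    """Drop colons and spaces so differently formatted values compare equal."""
    return fingerprint.replace(":", "").replace(" ", "").strip().upper()


def matches(exported: bytes, expected: str) -> bool:
    """True only if the reference is a full SHA-256 value and it matches."""
    want = normalise(expected)
    return len(want) == 64 and normalise(sha256_fingerprint(exported)) == want


if __name__ == "__main__":
    # Usage: script.py <exported .cer file> <reference SHA-256 fingerprint>
    path, expected = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        blob = fh.read()
    print("exported file:", sha256_fingerprint(blob))
    if not matches(blob, expected):
        sys.exit("fingerprint mismatch: do not import this file")
    print("match: this is the certificate the host was issued")
```

A truncated reference value is rejected rather than prefix-matched, so a partially copied fingerprint cannot pass the check.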
blackhauk
Enthusiast

This guy (Lagardia) is a jack-wagon, and doesn't know sh!+ from shinola.  On top of that, he's just plain rude.  If you knew what you were talking about it would be easier for us to help you, but since you sound like you know it all and are getting pissy with those of us who would like to help, go jump in a lake.

Yeh, I know, this was not helpful, but neither is this guy's entire thread... AND there are some legit answers in this thread and the guy didn't even mark it 'Answered'...

0 Kudos
diegodco31
Leadership

Hi

Check if the following Citrix CTX article helps:

XenApp/XenDesktop 7.X : How to Obtain And Import A VMware-installed Self-Signed Certificate For vCen...

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego
0 Kudos
VlSher
Contributor

See the message from tomj2 dated Mar 1, 2019 at 4:52 PM to ESXi 6.7 SSL certificates without vCenter - Spiceworks.
That worked for me.

0 Kudos
wice222
Contributor

Gentlemen have an issue with ESXi interface, not a vSphere interface, I guess you all should know the difference by now.

Indeed vSphere gives you an option to get Certificate to update your root CA storage on win or Linux, from wherever you are opening your web GUI

But this option is not in ESXi GUI interface

I'd suggest reinstall SSL by installing some cheap trusted root cert

by following VMware manual (Which is never 1,2,3,4 unfortunately)

Regards

0 Kudos