VMware {code} Community
CaptainCrunchNo
Contributor
Contributor

PowerCLI 6.3 changes with VimClient.Connect() for C# - SSL/TLS Error

I have been developing a c# app and was using the VMWare.Vim DLL from PowerCLI 6.0. I updated my PowerCLI and now i am unable to connect to the vCenter. The connection now throws an error of "The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel". I never had this problem before i upgraded PowerCLI. Is there a way to disable checking the certificate?

Thanks

Tags (4)
Reply
0 Kudos
7 Replies
joshames
Enthusiast
Enthusiast

If it is an invalid server certificate you can use this:

Set-PowerCLIConfiguration -Confirm:$false -Scope AllUsers -InvalidCertificateAction Ignore -DefaultVIServerMode Single

Set the -InvalidCertificateAction to "Ignore" and it won't give you grief.  Beyond that, is there any reason that you can't go back to 6.0?

 

Josh

Reply
0 Kudos
joshames
Enthusiast
Enthusiast

I just read your response again.  You mention developing in C# but using PowerCLI.  Which one is it because those are two diffierent things??  If you are dev in Powershell, my code will work, but if you are using the vCenter SDK (Vmware.vim.dll) in C#, that won't work.  Let me know if you need something different.

 

Josh

Reply
0 Kudos
StephenEngle
Contributor
Contributor

I am in the exact same situation with C#.   Any ideas how I might manage to get around this error?

Thanks.

Reply
0 Kudos
StephenEngle
Contributor
Contributor

Able to work it out from some other searches....not the best way to do it perhaps, but will work for this purpose...

        private void IgnoreBadCertificates()

        {

            System.Net.ServicePointManager.ServerCertificateValidationCallback=new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);

        }

        private bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)

        {

            return true;

        }

joshboy
Contributor
Contributor

I found this generic solution: .net - C# Ignore certificate errors? - Stack Overflow, so it works for me.

spauer
Contributor
Contributor

Hi there

Currently I am switching my app from 5.1 dll to 6.5 dll

How implement this solution for VimClient.Connect ?

regards

Reply
0 Kudos
xucito
Contributor
Contributor

Hi,

I don't know if you are still working on this but if you call

ServicePointManager

                    .ServerCertificateValidationCallback +=

                    (sender, cert, chain, sslPolicyErrors) => true;

Before VimClient.Connect() it will ignore the certificates.

Regards,

Reply
0 Kudos