Highlighted
Contributor
Contributor

PowerCLI 6.3 changes with VimClient.Connect() for C# - SSL/TLS Error

I have been developing a c# app and was using the VMWare.Vim DLL from PowerCLI 6.0. I updated my PowerCLI and now i am unable to connect to the vCenter. The connection now throws an error of "The underlying connection was closed: could not establish trust relationship for the SSL/TLS secure channel". I never had this problem before i upgraded PowerCLI. Is there a way to disable checking the certificate?

Thanks

Tags (4)
0 Kudos
7 Replies
Highlighted
Enthusiast
Enthusiast

If it is an invalid server certificate you can use this:

Set-PowerCLIConfiguration -Confirm:$false -Scope AllUsers -InvalidCertificateAction Ignore -DefaultVIServerMode Single

Set the -InvalidCertificateAction to "Ignore" and it won't give you grief.  Beyond that, is there any reason that you can't go back to 6.0?

 

Josh

0 Kudos
Highlighted
Enthusiast
Enthusiast

I just read your response again.  You mention developing in C# but using PowerCLI.  Which one is it because those are two diffierent things??  If you are dev in Powershell, my code will work, but if you are using the vCenter SDK (Vmware.vim.dll) in C#, that won't work.  Let me know if you need something different.

 

Josh

0 Kudos
Highlighted
Contributor
Contributor

I am in the exact same situation with C#.   Any ideas how I might manage to get around this error?

Thanks.

0 Kudos
Highlighted
Contributor
Contributor

Able to work it out from some other searches....not the best way to do it perhaps, but will work for this purpose...

        private void IgnoreBadCertificates()

        {

            System.Net.ServicePointManager.ServerCertificateValidationCallback=new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);

        }

        private bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)

        {

            return true;

        }

Highlighted
Contributor
Contributor

I found this generic solution: .net - C# Ignore certificate errors? - Stack Overflow, so it works for me.

Highlighted
Contributor
Contributor

Hi there

Currently I am switching my app from 5.1 dll to 6.5 dll

How implement this solution for VimClient.Connect ?

regards

0 Kudos
Highlighted
Contributor
Contributor

Hi,

I don't know if you are still working on this but if you call

ServicePointManager

                    .ServerCertificateValidationCallback +=

                    (sender, cert, chain, sslPolicyErrors) => true;

Before VimClient.Connect() it will ignore the certificates.

Regards,

0 Kudos