8 Replies Latest reply on May 9, 2008 2:46 PM by colinbowern

    "identify yourself with a certificate"

    mhwarfield Novice

      Just installed 2.0b2 a little while ago and finally managed to connect to it from my web browser.  But now every few minutes I get a pop up window proclaiming:

       

       

        This site has requested that you identify yourself with a certificate:

       

      My servers host name

      Organization: "VMware, Inc."

      Issued Under: "VMware, Inc."

       

      Firefox then lists a selection of my client certificates, including my smart cards, and asks me to select one.  But it doesn't seem to matter if I select one and hit OK or if I hit cancel.  I'll get two or three popups like that and then it goes away for a while.  So, I presume I need to either install a client site certificate that the server likes or give the server the public certificate from one of my existing ones.  Which and how?  Is this happening because I already have client certificates installed for other services?

        • 1. Re: "identify yourself with a certificate"
          LeoL Hot Shot

          I have this too. And on IE7.

          "Solution" seems to be to delete my client certificates!

           

          Leo

          • 2. Re: "identify yourself with a certificate"
            mhwarfield Novice

            Well, it's good to get confirmation that it's also a problem on IE, but that's not a solution.  That's a kludge that won't work with most people who have client certificates.

             

            There are reasons for client certificates and very serious reasons at that.  Access to certain restricted web sites are mediated by some of these certificates and even my OpenID identification is locked to a client certificate.  If I could delete them, I probably wouldn't have them to begin with.

             

            My guess is that VMware is configured to look for a client certificate.  I need to either import one from that server (how do I generate it and where is the resulting .p12 file), or I need set it up to recognize my certificate (where do I install my certificate on the server), or I need to figure out how to disable the certificate checking.  I would guess this is some way to set it up to allow connections without logging in, which is great, I'd just love to know how to actually do it so it works.

            • 3. Re: "identify yourself with a certificate"
              jreichenb Lurker

               

              Well, I got the same problem with the certificate and I totally agree: deleting certificates is no option.

               

               

              For the moment, the pop-up comes about 2 times and then disappears showing the login screen. Log-on then is possible.

               

               

              Is there a solution or workaround in sight?

               

               

              Jürgen

               

               

              • 4. Re: "identify yourself with a certificate"
                derek_c Novice

                 

                This happens to me too when I try to use the remote console from another machine.

                 

                 

                VMware Server 2.0 Beta 2 is running on a  Centos 5.1 box,  the login attempts are from a Windows XP machine using Firefox 2.0.0.13. 

                 

                 

                • 5. Re: "identify yourself with a certificate"
                  chrislundin Lurker

                   

                  I have the same "problem". One workaround is to in firefox (linux) preferences select:

                   

                   

                  Advanced -> Encryption -> Certificates -> Select one automatically

                   

                   

                  • 6. Re: "identify yourself with a certificate"
                    jreichenb Lurker

                     

                    This possibility exists for the Windows-Version of Firefox as well. However, this workaround doesn't work for me, because the only certificates I have are quite old and have been issued for some special issue. They need a password for importing or selecting them - which I do not have any more.

                     

                     

                    BTW, not having this certificate get really annoying: it pops up all 20 sec and if you start a VM the pop up will cut the connection to the server if you do not respond. Then you have to reload the whole page and so on.

                     

                     

                    I believe I will try to generate a new certificate for me and see what happens then.

                     

                     

                    • 7. Re: "identify yourself with a certificate"
                      colinbowern Lurker

                      I wold concur that this is very annoying.  I've poked at the configuration files to try and find something but so far no luck.  Any Tomcat gurus around?

                      • 8. Re: "identify yourself with a certificate"
                        colinbowern Lurker

                         

                        I think I found it.. in tomcat\conf\server.xml look for <Connector port="8308" ... />.  Add the clientAuth="false" attribute to the element:

                         

                         

                        <Connector port="8308" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" clientAuth="false" />

                         

                         

                        What tipped me off was the proxy.xml I found in C:\ProgramData\VMware\VMware Server\hostd by observing the relationship noted in the <e id="2"> element to port 8308 and a namespace value of "/ui".

                         

                         

                        Restart the VMware Host Agent and VMware Virtual Infrastructure Web Access and no more client certificate prompts.