I am using Ubuntu GUI and Chrome browser to connect to vCenter.
I see the error that my connection may not be private:
Attackers might be trying to steal your information from 192.168.2.123 (for example, passwords, messages or credit cards). Learn more
usr/local/share/ca-certificates/ and run the command: sudo update-ca-certificates
it did not work.
After I moved, the certificate from lin folder to usr/local/share/ca-certificates/ and run the command: sudo update-ca-certificates
Also with no success.
Please advice me what should I do to install vCenter certificates on Ubuntu machine.
Thank you.
Hey eksip2,
Try this: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate (It is similar on how you did it but also have some additional steps)
And check in this file if the path has been reflected: /etc/ca-certificates.conf
Thank you Laregre
I tried the link but it did not work. I tried on my local ubuntu, and on virtual ubuntu server (were I installed GU)
Here are the commands I run on
https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate
root@lab1:/home/lab1/Downloads/download/certs/win# ls
dbad4059.0.crt dbad4059.r0.crl
root@lab1:/home/lab1/Downloads/download/certs/win# cp dbad4059.0.crt /usr/share/ca-certificates/extra/
root@lab1:/home/lab1/Downloads/download/certs/win# cd /usr/share/ca-certificates/extra
root@lab1:/usr/share/ca-certificates/extra# ls
dbad4059.0.crt
root@lab1:/usr/share/ca-certificates/extra# sudo dpkg-reconfigure ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Processing triggers for ca-certificates (20190110ubuntu1.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@lab1:/usr/share/ca-certificates/extra# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@lab1:/usr/share/ca-certificates/extra#
root@lab1:/usr/share/ca-certificates/extra# less /etc/ca-certificates.conf
la/VeriSign_Universal_Root_Certification_Authority.crt
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
mozilla/XRamp_Global_CA_Root.crt
mozilla/certSIGN_ROOT_CA.crt
mozilla/ePKI_Root_Certification_Authority.crt
mozilla/thawte_Primary_Root_CA.crt
mozilla/thawte_Primary_Root_CA_-_G2.crt
mozilla/thawte_Primary_Root_CA_-_G3.crt
extra/dbad4059.0.crt #this line indicates thatvCenter certificate was added to ca-certificates.conf
as it was mention here https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate
#this is a lab envirnomen and this is how the certificate looks like
oot@lab1:/usr/share/ca-certificates/extra# cat dbad4059.0.crt
-----BEGIN CERTIFICATE-----
MIIECzCCAvOgAwIBAgIJAOVFQJ3o+FTMMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYD
VQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ
FgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNV
BAoMCWxvY2FsaG9zdDEbMBkGA1UECwwSVk13YXJlIEVuZ2luZWVyaW5nMB4XDTIw
MDcyMDEzNDAyM1oXDTMwMDcxODEzNDAyM1owgZAxCzAJBgNVBAMMAkNBMRcwFQYK
CZImiZPyLGQBGRYHdnNwaGVyZTEVMBMGCgmSJomT8ixkARkWBWxvY2FsMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UECgwJbG9jYWxob3N0
MRswGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/QkcJNHMxKlUr2EJRZx42YsISn8L7FssxFS2f6ppjTvt8
i4kDdLKbBQN2SbSX8FeBYneRyLMOlnZO0Hqp0qXFS6rKkjyebJSoL4Be+sPBam2M
vFmlANwfYwUWKk/hnpn5QB0scbZEJrIodAc2JRNMjJC1WUwD62OnbwNllkv4CdGl
uIJiQbk9BOFpbbvb/vJDyFgJbSB2DlX3iKJ3D9Kq7YBtIyG+iWd3CH5ST6Ae4AOL
25dIzT7XVVehkfm8gRbUslRQd+8o0JM3anh4GOuzMs5NbcH6VDRKDnZbKCoNU546
Hkg578mo3jtyNWS7OqyBPQT0RUyRgDSpaB/9lBMJAgMBAAGjZjBkMB0GA1UdDgQW
BBQMYccCS2z3eMRfSqqatMGmcVL8SjAfBgNVHREEGDAWgQ5lbWFpbEBhY21lLmNv
bYcEfwAAATAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq
hkiG9w0BAQsFAAOCAQEAs88XR2vKfX41m3sstxY6xaovMHOj7A1bTtbjVGKe0iBa
AoCx4QZRMMjYf+JHXovpoDEFypexSetViYB31zT/5I/8nLDFvKrZ4fkOUQqZqrPU
g3JET29uOlR+wLQ6eodEgNGO4lReSrNWxETNr3bCtWEqwUO29dlSkceMO7xsMWqY
SHPlfM99AM7EUukK7Jwv1mqsSGkg/EnDwwbPxqRn8JktUPHdHCheKBbq2AGAf7WS
1vQO5DN9eDzBAFxOr20KkbTf6a1wG2DkM4lFs9PC56mAnYRGAP+AbWkn/yABmaBX
QHhHSJE6XR98dVQFxrHNZKeYrm5ssx7Quw81/RJMEg==
-----END CERTIFICATE-----
root@lab1:/usr/share/ca-certificates/extra# less /etc/ca-certificates.conf
Hey eksip2,
I would like to know something. Is this certificate a self-signed one or a custom CA one. From the download.zip you only get two files or more than those?
Also assuming for your extract you are using Firefox for browsing vCenter Server. There is a known issue regarding using this browser than can be fixed following this procedure: https://ivobeerens.nl/2018/02/13/firefox-not-trusts-vcenter-ca-signed-certificates/
Let us knot how it goes!
Hello Lalegre,
Thank you for your reply. I was able to install vCenter certificates on Firefox and in Firefox the connections is shown as secure now.
Now I am trying to install vCenter certificates on Ubuntu to fix the security warning on Chrome as well.
Your question: I would like to know something. Is this certificate a self-signed one or a custom CA one?
I did not add any additional ssl certificates to vCenter. I am using certificates which can be exported from vCenter by default.
download.zip files has two files in each folder (win, lin, mac)
Thanks for your help.
Hello eksip2,
Quick question, does your self-signed certificate from vCenter contains the FQDN in the Subject Alternative Name? If it does not contain it will not be trusted by Chrome. This validation was applied on the Chrome version 58.
If you get the next error during the cert validation on Chrome then that is your issue: NET::ERR_CERT_COMMON_NAME_INVALID
Of course you can bypass the validations of SSL but this will be applied at browser level and you should not do that because it will be applied to all the sites.
If you really want that i would recommend you to generate a new SSL Certificate (Custom or Self-Signed) but adding the SAN to it.