Hi all,
using VMware.PowerCLI Core 12.0.0.15947286 on Linux VM. Trying to import an item into vCenter content librarywhich fails with "The certificate is self-signed. The certificate is not trusted..". The certificate check is set to "Ignore" in PowerCLI configuration.
I don't see any options in New-ContentLibraryItem cmdlet to allow untrusted cert. How can I get the OVA imported when vCenter cert is self-signed? Thanks!
PS /home/user> $localContentLibrary = Get-ContentLibrary -Name 'Local library'
PS /home/user> New-ContentLibraryItem -ContentLibrary $localContentLibrary -Name 'nsx-unified-appliance-2.5.1.0.0.15314292' -Files "./tmp/nsx-unified-appliance-2.5.1.0.0.15314292.ova"
An error occurred while trying to update content library item's files. For more details check the inner exception.
vCenter error:
The import of library item 48d9ec5f-5fae-4905-adb1-2bbfa2d5aee1 has failed. Reason: The certificate is self-signed. The certificate is not trusted..
PS /home/user/tmp> Get-PowerCLIConfiguration | select InvalidCertificateAction
InvalidCertificateAction
------------------------
Ignore
Ignore
I would suggest to open an SR for this.
I agree that an official OVA should not contain self-signed certificates.
And yes, the option to bypass the certificate check is missing on the cmdlet.
I would suggest to launch an idea for this at VMware PowerCLI
In parallel inform your TSA
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Are you sure this is caused by the vCenter certificate and not the certificate included In the OVF?
Can you import the same via the Web CLient without issue?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Luc,
just tried it with the Web Client and it looks like you're right - the problem is with the self-signed certificate bundled with the OVA. This is an official NSX-T OVA that I downloaded from VMware. If I click "Proceed Anyway" then it's imported successfully.
It looks like there is no functionality to ignore OVA certificate with "New-ContentLibraryItem"? Perhaps this can be added in the future?
Thank you!
I would suggest to open an SR for this.
I agree that an official OVA should not contain self-signed certificates.
And yes, the option to bypass the certificate check is missing on the cmdlet.
I would suggest to launch an idea for this at VMware PowerCLI
In parallel inform your TSA
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Just in case someone else hits this - until the cmdlet option is added, a solution is to unzip the ova, remove the .cert file, and import it as ovf.