vSphere Hypervisor

 View Only
Expand all | Collapse all

How Do I Fix The VSphere Web Client Certificate Error?

  • 1.  How Do I Fix The VSphere Web Client Certificate Error?

    Posted Jul 15, 2018 02:19 AM

    Hello,

    I have a bare metal ESXI 6.7 host in a home lab for training purposes. I do not have VCenter. How do I get rid of the browser certificate error when using the web client?

    -VGuitarist



  • 2.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Aug 04, 2018 08:45 PM

    If you point your browser directly to an ESXi Host you use the "Host Client" and not the adobe flex based "Web Client" which is offered as part of the vCenter.

    Take a look to  Certificate errors when accessing vSphere web client on 6.5 (Hypervisor)  to the last post which also give you the answer when connecting to the Host Client. If you use Internet Explorer you have to add the Cert to the Windows Cert Store which is part of the OS. Mozilla FF use its own certificate store.

    As a second solution you can swap the ESXi default Cert to a self signed one (Not the easiest step!).

    Regards,

    Joerg



  • 3.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Feb 28, 2019 02:52 PM

    I'm in the exact same situation and I've spent two days looking for a solution with no luck. I thought I'd bump this thead rather than create an identical question myself.

    Some details on the test rig:

    - single bare metal host running ESXi 6.7

    - single PC acting as a client (Win 10), running Chrome web browser and connecting to the host by typing in the host IP address in the browser

    - no vCenter and no other VMWare products are installed

    On the host I've renamed it to "server3", then ran a command from ssh shell to regenerate the ssl certs, so they look fine if I view them in the web client (CN=server3).

    After typing in the IP address of the host I get the usual certificate invalid error, I pick the option to continue to the login screen, then right click on the web browser address field where it says "Invalid certificate", then choose copy cert contents to file, then save that as a .crt file, then I install this in the Trusted Root Authority folder. I've also tried running an WinSCP session and copied over the original host cert "rui.crt" and installed that as well, although I'm fairly sure it's the same cert. With those two installed I still get the invalid cert message, but it now says:

    "The issuer of this certificate could not be found"

    Which makes sense as the issuer is actually unknow, but I've got no idea what to do to make this work. Is it even possible to resolve without moving over to my own self signed certs? I've logged a ticket with VMware, but I'm fairly sure they'll just come back with a load of unrelated info, or send me links to articles which mention a solution for when you are using vCenter. Every single tutorial I've found suggests going over to the vCenter webpage, then picking the link for "download certs", but of course if you haven't got vCenter, you're not going to get those links.

    Rgrds,

    T.



  • 4.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Mar 01, 2019 02:12 PM

    Finally realised I was copying over the wrong cert :smileyconfused: you need to copy over the castore.pem cert, not the rui.cert one. Anyways, here's a short procedure which might help someone:

    - go to your ESXi host, open Configure Management Network, open DNS Configuration, set hostname to whatever your desired name is (server3 in this case). Esc out of the settings back to the main screen saving the network configuration when prompted

    - Alt+F1 to go into console (Alt+F2 to get out of it), log in as root and run the following to regenerate certs for the new host name:

    cd /etc/vmware/ssl

    /sbin/generate-certificates

    reboot

    - when the host is up and running, use WinSCP (or some other method) to copy the castore.pem from the /etc/vmware/ssl folder on the host to your local workstation. Hit start menu button on the workstation, start typing certif... and pick Manage computer ceritifactes, then in the left hand side list pick Trusted Root Ceritifaction Authorities / Ceritifactes, then on the list on the right, right click and pick All Tasks->Import. Select the downloaded castore.pem (select to view All files rather than crt only) and run through the import process

    - open your hosts file (c:\Windows\System32\Drivers\etc\hosts) and insert a new entry with your IP address and hostname

    - open up your browser and type in http://[hostname] which should open up the vsphere client login webpage with a valid cert and no issues



  • 5.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Sep 04, 2019 02:25 AM

    Thank you so much! This was bugging me so much and I spent a few hours here and there trying to fix it but this solved my problem! The only thing I stumbled on was to make sure was that the host/domain from ESXI was exactly the same as in my /etc/host file.

    Again, many many thanks. :smileyhappy::smileycool::smileyhappy:



  • 6.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Mar 13, 2020 09:29 PM

    dscish​ Merci !! / Thank you  :smileyhappy:



  • 7.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Aug 16, 2020 04:48 PM

    This works just fine but only for the IP the hostname is not in the certificate what did I miss?



  • 8.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Aug 16, 2020 04:58 PM

    The hostname will not be encoded in the default certificate, only the IP. You can replace the default certificate with a custom one of your choosing and specify the hostname in the CN field.



  • 9.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Apr 12, 2019 02:17 PM

    And after this if you don't have login page try this:

    After Installing ESXi, Once pressed Alt + F1 blank screen



  • 10.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Oct 11, 2019 10:58 AM

    Check the following link as the instruction of replacing ESXi self-signed certificate:

    Replace the Default Certificate and Key from the ESXi Shell



  • 11.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Aug 16, 2020 06:46 PM

    HAve you installed the host's self signed certificate into windows?



  • 12.  RE: How Do I Fix The VSphere Web Client Certificate Error?

    Posted Jan 28, 2021 11:17 AM

    Hi Guys,

    I have installed a proper trusted wildcard SSL that we use for our domain. The ESXi host FQDN is within our domain. ESXi shows that it has the correct SSL certificate and it's valid until 2022:

    Kalamchi_0-1611832346536.png

    Yet the browsers (any of them) still show that the connection is not secure ?

    I have rebooted the host after uploading the cert and key via SSH. Yet still the same complaint in the broswers.

     

    The host is bare metal ESXi 6.5, no vCenter.

    Any advice ?

    Thanks