Automation

 View Only
  • 1.  How to deal with certificate errors when connecting to VI-Server

    Posted Aug 31, 2012 03:22 PM

    I recently upgraded to Powershell v.5.01 and now I am seeing something new when to connect to my vCenter server.

    $vCenter="my-cVenter-FQDN"

    $vCenterCredFile = "\\path\to\vCenterCredentials.XML"
    $vCenterCreds = Get-VICredentialStoreItem -Host $vCenter -File $vCenterCredFile
    Write-Host "Connecting to vCenter ..."`n
    Connect-VIServer $vCenter -User $vCenterCreds.User -Password $vCenterCreds.Password | Out-Null

    and I get:

    Connecting to vCenter ...

    WARNING: There were one or more problems with the server certificate:

    * The X509 chain could not be built up to the root certificate.

    * The certificate's CN name does not match the passed value.

    Certificate: [Subject]

      E=support@vmware.com, CN=VMware default certificate, OU="VMware, Inc.", O="VMware, Inc."

    [Issuer]

      O=VMware Installer

    [Serial Number]

      116C6FA5

    [Not Before]

      6/9/2011 2:38:48 PM

    [Not After]

      6/6/2021 2:38:48 PM

    [Thumbprint]

      3075FD19521FBF00CDA8ACC3D2B2FBB6B454A611

    The server certificate is not valid.

    WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A FUTURE RELEASE. To ensure scripts are not affected by the change, use Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction option.

    so:

    1. I have added the certificate from my vCenter to my cert store (both "Trusted Root Certifcation Authorities" and "3rd Party Root Certification Authorities" , which should take care of the "build up to root certificate", I thought. If not, what should I have done with this certificate, to avoid these warnings/errors?

    2. I guess I should be issuning a "set-PowerCLIConfiguration -InvalidCertificationAction Ignore" for future use?



  • 2.  RE: How to deal with certificate errors when connecting to VI-Server
    Best Answer

    Posted Sep 02, 2012 11:34 AM

    Yes, use the Set-PowerCLIConfiguration, as you mentioned in point 2.

    That should avoid the warning.

    Best is to avoid the warning alltogether, with an official certificate or a self-signed certificate,

    See KB2009857 in the latter case.



  • 3.  RE: How to deal with certificate errors when connecting to VI-Server

    Posted Jul 29, 2016 07:51 PM

    Yes, applying the command would help suppressing the warning while try connecting server through powercli.


    set-PowerCLIConfiguration -InvalidCertificationAction Ignore