Hello all,
I do not have custom certs in my lab, but rather am using the ones that VMware has in the vCSA. So that means I get an opportunity to do an extra click when access the vSphere Web Client.
You can easily fix this by using the info in this VMware KB article. It has the info for you to fix it right – using Active Directory, but also in a browser. So long as it is in Windows. So good article. However, I use a Mac. This article will help with that.
First, you will need to access your vCenter – just with the FQDN and no extra URL stuff.
So in my case, as seen above, I access https://lefroy.thewhites.ca and note near the bottom where you can download the trusted root certs? Once that is downloaded, you need to expand it. I am using Chrome as my browser, but you may need to add .zip to the downloaded file name – it depends on your browser. Once expanded, and you change into the certs folder you will see something like below.
We only need one of these two files but it needs to be prepared first. Use copy and paste of the one that is .0 and change the file extension to be .crt.
Now this file can be imported as necessary. We need to import it using the following steps.
You start by accessing the Chrome Settings.
Once in the Settings area you will need to scroll to the bottom and expand. Now you need to look for HTTP / SSL.
Use the Manage certificates button. This will in fact open up your Apple OS Keychain. You will need to change to Trusted Root Certification Authorities – as seen below.
Use the Import button to browse out and select the file we renamed to *.crt.
After you do, and select Next you will be prompted about the Certificate Store.
It should default to what we already chose, but if not, use the Browse button to fix it. Once it is imported we will notice a small issue.
Note the red X seen above? That is what we imported and due to the missing info in the (self signed) certificate it has been disabled. So not good. But, we imported it, and we got it from VMware so I think we can trust it. So double+click on it and see an odd screen like below.
The first drop-box will need to be changed to show Always Trust like we see above. Once that is done and we close the window our display will have changed.
Instead of a red X we have a somewhat green + and that means when we connect to our vC we will NOT get a request for an extra click. If however you work in the vSphere HTML5 Client, which I try to do, you will still need to do the extra click.
Yes, this can be avoided by using a signed cert, and publishing that cert throughout your enterprise, but if like me, you have not done that in your lab, this article will help you with the vSphere Web Click and less clicks.
Update – William has a script to do this now – very handy – find it here. Thanks also William for the mention!
Michael
=== END ===