WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple

Quick Tip - Certificate is not trusted when importing signed OVF/OVA into vCenter Server

06.12.2023 by William Lam // 1 Comment

An OVF/OVA can be digitally signed by a vendor to ensure its authenticity and when importing it into vCenter Server, the vSphere UI will either display that it contains a valid certificate or the certificate is not trusted as demonstrated in the example below:


If you are using a self-signed TLS certificate to sign an OVF/OVA, then it is expected that it would not be trusted by the Root Certificate Authority (CA) stored within the vCenter Server Appliance (VCSA).

However, if you have a valid TLS certificate that has been issued from a trusted certificate authority to sign an OVF/OVA, would you still see the error message? The answer actually surprised me.

[Read more...]

Categories // VCSA, vSphere Tags // ova, ovf, root certificate

Automating the import of vCenter Server 6.x root certificate

07.27.2016 by William Lam // 14 Comments

In vSphere 6.0, you can now easily import your vCenter Server's trusted root CA certificate onto your client desktop by simply downloading it from the vCenter Server's landing page as shown in the screenshot below. Michael White had also recently wrote about this topic here which includes a step by step walk through.

automate-import-of-vcenter-server-root-certificate-3
Several weeks back I was working on an internal project which required the vCenter Server's root certificate. I was already aware of this interface and had written a quick and dirty script to automate the process of downloading and importing the certificate to the system I was working on. To be honest, I did not think much of the script after I wrote it. It was just recently that Alan Renouf, who was also involved in the project mentioned that it might be worth sharing the script as others might also find it useful. I thought that was a good idea and re-factored the code a bit since it was being used in a slightly different context. While doing so, I also created an equivalent PowerShell sample since the original script was meant to run on either a Mac OS X or Linux platform.

With that, I have created a simple shell script called import-vcrootcertificate.sh which can run on either Mac OS X or Linux system and a PowerShell script called Import-VCRootCertificate.ps1

Both scripts are pretty easy to use, they accept a single command-line argument which is the Hostname/IP Address of the vCenter Server that you wish to import the root certificate from. Both scripts ere able to detect if the vCenter Server is Windows or the VCSA since they have a slightly different URL to the root certificate before performing the import. Since the script will need access to your certificate store, you will need to run the scripts using a privileged account.

Here is a screenshot of running the PowerShell script:

automate-import-of-vcenter-server-root-certificate-0
Here is a screenshot of running the shell script:

automate-import-of-vcenter-server-root-certificate-2

Categories // Automation, vSphere 6.0, vSphere Web Client Tags // add-trusted-cert, root certificate, ssl certificate, vCenter Server, vcenter server appliance

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...