These days it’s easy to find small environments where VMware vCenter SSL certificate is not signed by a proper certification authority. For example, you just installed vCenter Server in your lab as described in How to Install VCSA 6.5 (VMware vCenter Server Appliance).
Below picture is something you see often in these environments. In this article I will show how to trust all vCenter issued certificates on a single Windows computer. This will take care of vCenter SSL certificate and also the ESXi servers certificates (only for the ESXi servers under vCenter management, of course) in Internet Explorer, Microsoft Edge and Google Chrome.
Install vCenter SSL Certificate
First step is to access the root URL of your vCenter Server (in my case https://vcenter.lab.local) in Internet Explorer. After you pass through the above screenshot, you will be presented with vCenter landing page. Notice the red “Certificate error” on the address bar. In the bottom right side of the page there is a link “Download trusted root CA certificates”. Right-click on it and click “Save target as…”. Make a note of the folder where you’re downloading the certificates archive.
Unzip the archive and navigate to “certs/win”. Right-click on the crt file and choose “Install Certificate” from the menu.
The Certificate Import Wizard will start. Click on “Next”.
Click on “Place all certificates in the following store”. Then click “Browse” and choose “Trusted Root Certification Authorities”. Click “OK” and then “Next”.
Click “Finish”.
Confirm the import was successful. “Click “OK”.
Confirm vCenter SSL Certificate Is Now Trusted
Close all Internet Explorer windows. Open Internet Explorer and visit vCenter root URL or vSphere Web Client URL. The error page is gone and you have a nice padlock on the right side of the address bar.
Open Google Chrome and access same URL. You will see a nice green secure icon and no ugly red error 🙂
If you’re part of a large deployment, you may wish to try alternative ways of trusting the vCenter SSL certificate. See KB2108294 for two ways to achieve this (Active Directory Group Policy Update in Deployments with VMCA as an Intermediate Certificate Authority, Active Directory Group Policy Update in Deployments with Custom Certificates or VMCA-Signed Certificates).