How to import your VCSA certificate so ALL VMware vSphere browser security warnings go away in Windows 10

Posted by Paul Braren on Apr 26 2017 (updated on May 1 2017) in
  • Virtualization
  • ESXi
  • HowTo
  • HomeLab
  • HomeServer
  • You can free up tons of vertical real-estate when doing your day-to-day vSphere sysadmin by hiding the URLs and tabs and dead space in Chrome, see:

    certificate-warnings-chrome-and-edge

    The thing is, home-lab friendly browser features such as (insecure) password saving don't work once Chrome, or other browsers, have that intentionally nasty red X certificate warning mode, prompting you to bypass before even showing you the suspect page. Won't you feel better getting rid of those warnings, once and for all? Yes, this method even works for the vSphere Web Client (Flash) and the VMware Host Client/vSphere Client (HTML5), and leverages the certificate authority baked right into VCSA! Now you know why FQDN and DNS is so important for VCSA, eh?

    It's easy, just one certificate to import into your Windows 10 system-wide "Trusted Root Certification Authorities" store. Video details the simple procedure below.

    Prerequisites

    These are the circumstances in my home lab, where I recorded this short video:

    shortname

    If you meet these prerequisites, great, this video will show you exactly how easy this is!
    If not, or if you use Firefox, read VMware KB 2108294 for guidance, see also comment below.

    Video

    Step-by-step, with explanations as I go:

    How to import the VCSA certificate so VMware vSphere browser security warnings go away in Windows 10

    Instructions - visual

    What I like about this is that it's a do it once thing, and you'll likely never forget it. Nice that the certificate doesn't expire for 10 years too ;)

    2017-05-01_22-06-00
    open Edge Brower, type in the FQDN for your VCSA 6.0 then press enter, when warned, click 'Details'.

     

    2017-05-01_22-06-59
    click on 'Go on to the webpage'.

     

    2017-05-01_22-09-24
    click on 'Download trusted root CA certificates'

     

    2017-05-01_22-10-22
    click 'Open'

     

    2017-05-01_22-11-42
    double-click 'certs' folder

     

    2017-05-01_22-12-38
    double-click 'win' folder

     

    2017-05-01_22-14-11
    double-click 'filename.0.crt' (your exact filename will vary

     

    2017-05-01_22-15-21
    click 'Open'

     

    2017-05-01_22-16-21
    click 'Install Certificate...'

     

    2017-05-01_22-19-55
    click 'Local Machine' then click 'Next'
    2017-05-01_22-21-10
    when prompted by UAC, click 'Yes'

     

    2017-05-01_22-22-27
    select 'Place all certificates in the following store' then click 'Browse...'

     

    2017-05-01_22-24-05
    select 'Trusted Root Certification Authorities' then click 'OK'

     

    2017-05-01_22-25-16
    click 'Next'

     

    2017-05-01_22-26-12
    click 'Finish'

     

    2017-05-01_22-26-58
    click 'OK

     

    2017-05-01_22-28-31
    click 'OK', you're done!

     
    Now test it.

    1. close Edge Browser
    2. close Chrome
    3. open Chrome
    4. if Chrome still shows certificate warnings, close it again, and use Task Manager's 'Processes' Tab to to kill all chrome.exe instances, then open Chrome again to retest
    5. f you're looking to fix Firefox, see VMware's guidance here.
    6. that's it, enjoy the happy green padlock for the next 10 years!

    See also