How to import your VCSA certificate so ALL VMware vSphere browser security warnings go away in Windows 10

Posted by Paul Braren on Apr 26 2017 (updated on Jan 31 2020) in

13 Comments

You can free up tons of vertical real-estate when doing your day-to-day vSphere sysadmin by hiding the URLs and tabs and dead space in Chrome, see:

VMware vSphere Taskbar Shortcuts Unleashed - profile switcher isolated and uncluttered Chrome Browser UIs act like native Windows apps!
Mar 27 2017

The thing is, home-lab friendly browser features such as (insecure) password saving don't work once Chrome, or other browsers, have that intentionally nasty red X certificate warning mode, prompting you to bypass before even showing you the suspect page. Won't you feel better getting rid of those warnings, once and for all? Yes, this method even works for the vSphere Web Client (Flash) and the VMware Host Client/vSphere Client (HTML5), and leverages the certificate authority baked right into VCSA! Now you know why FQDN and DNS is so important for VCSA, eh?

It's easy, just one certificate to import into your Windows 10 system-wide "Trusted Root Certification Authorities" store. Video details the simple procedure below.

Prerequisites

These are the circumstances in my home lab, where I recorded this short video:

willingness to type in FQDN
eg. https://vcsa.lab.local, not just https://vcsa
(I create single-click taskbar shortcuts anyway)
stand-alone Windows in workgroup mode
(not joined to Active Directory)
Administrative rights to Windows
VCSA 6.0 or later

If you meet these prerequisites, great, this video will show you exactly how easy this is!
If not, or if you use Firefox, read VMware KB 2108294 for guidance, see also comment below.

Video

Step-by-step, with explanations as I go:

How to import the VCSA certificate so VMware vSphere browser security warnings go away in Windows 10

Instructions - visual

What I like about this is that it's a do it once thing, and you'll likely never forget it. Nice that the certificate doesn't expire for 10 years too ;)

If you get this error when attempting to log in to your VCSA appliance from chrome:

Your connection is not private
Attackers might be trying to steal your information from vcsa.lab.local (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID

it's easiest to cut over to Firefox, and follow the rest of the below steps from there.

2017-05-01_22-06-00 — open Edge Brower, type in the FQDN for your VCSA then press enter, when warned, click 'Details'.

2017-05-01_22-06-59 — click on 'Go on to the webpage'.

2017-05-01_22-09-24 — click on 'Download trusted root CA certificates'

2017-05-01_22-11-42 — double-click 'certs' folder

2017-05-01_22-12-38 — double-click 'win' folder

2017-05-01_22-14-11 — double-click 'filename.0.crt' (your exact filename will vary

2017-05-01_22-16-21 — click 'Install Certificate...'

2017-05-01_22-19-55 — click 'Local Machine' then click 'Next'

2017-05-01_22-21-10 — when prompted by UAC, click 'Yes'

2017-05-01_22-22-27 — select 'Place all certificates in the following store' then click 'Browse...'

2017-05-01_22-24-05 — select 'Trusted Root Certification Authorities' then click 'OK'

2017-05-01_22-28-31 — click 'OK', you're done!

Now test it.

close Edge Browser
close Chrome
open Chrome
if Chrome still shows certificate warnings, close it again, and use Task Manager's 'Processes' Tab to to kill all chrome.exe instances, then open Chrome again to retest
if you're looking to fix Firefox, see VMware's guidance here.
that's it, enjoy the happy green padlock for the next 10 years!

Jan 31 2020 Update

Great info in this @lamw tweet, here's an excerpt:

PSA: If you’ve upgraded to latest version of Chrome & having issues logging into vSphere Client w/ "NET::ERR_CERT_REVOKED”, you need “ghost type” on that page “thisisunsafe” to bypass

And here's the Google Support comment he refers to:

Abhaas Sood 12/6/19
This solution really works.

"Here's the fix!!! As of 10/21/19 the bypass word is "thisisunsafe"

Once you get to the page that says "Your connection is not private" click somewhere on the page and then blindly type the following thisisunsafe

This will instantly bypass the warning. Please don't do this on sites you don't trust."

I am just surprised how do people even find these kind of solutions.

Nice tutorial as always... If I can make two points. FireFox has its own certificate store (Chrome shares the Windows store) and will require a separate import. Not a big deal. For AD Domain joined devices you can still import on each member device as desired or distribute via GPO taking care to target accordingly (OU and/or WMI filter). Keep up the good work.

Easily update VMware ESXi at TinkerTry.com/easy-update-to-latest-esxi

Updates aren't so easy any more, read all about Broadcom's strategy for their VMware acquisition.

Pay particular attention to item 3 below,.

Source - Below paragraphs generated by Perplexity Deep Research that includes information from 43 sources including Wikipedia - Enshittification:

Why This Exemplifies Enshittification

VMware under Broadcom demonstrates the classic enshittification pattern with remarkable precision:

1. Lock-in exploitation: VMware's market dominance—used by roughly 80% of organizations for infrastructure products—meant customers couldn't easily switch. With approximately 375,000 customers globally running thousands of virtual machines in production environments, complete migration was "highly unlikely" for large enterprises.^abiresearch

2. Value extraction over value creation: Broadcom's explicit goal was to "monetize the top 600 customers and shed the rest", focusing entirely on revenue extraction rather than product improvement. The company's earnings reports showed that the VMware acquisition more than doubled its software division, demonstrating successful financial extraction.^remio

3. Degradation of service: Beyond price increases, Broadcom discontinued the free ESXi hypervisor used for testing and lab environments, reduced partner support options, and made accessing security patches contingent on expensive subscriptions.^{parkplacetechnologies}

4. Minimal restraint: As Doctorow's framework predicts, enshittification occurs when "the collapse of discipline" allows companies to act without competitive, regulatory, or market constraints. Broadcom faced minimal effective pushback despite lawsuits and regulatory complaints, with 87% of VMware's top 10,000 customers eventually signing VCF agreements.^newyorker

The VMware situation perfectly illustrates what one industry observer described as "the classic case of enshittification—where a platform degrades in value to the user to extract maximum value for the shareholder". Even if Broadcom were to reverse course, "the trust is gone" and "the threat of future audits and contract changes remains".^remio

This transformation wasn't caused by technological requirements or competitive pressures—it was, as Doctorow would say, done "on purpose". Broadcom's CEO Hock Tan explicitly framed the strategy as maximizing value from each customer rather than keeping every customer, embodying the enshittifier's credo of creating value only to harvest it entirely.^youtube ^{washingtonmonthly}

Necessity to sunset SuperServer Bundles

What happened and what's next.

These systems still work great for many even 9+ years later, mine included, even with (unsupported) vSphere 8 and Windows 11 Version 21H2. But as far as official support from VMware ESXi or Microsoft Windows 11, it's the end of the line. It's okay, we had a really good run.

In mid-2021, after 6 successful years testing then shipping well over 1,000 Xeon D Bundles, Wiredzone had to stop SuperServer bundles due to cost, supply, and logistics challenges. Bare bones system sales continued for years longer.

What's next in 2026? I don't yet have my answer for my home lab, especially now that VCF certification is required to keep non-production home lab licenses going, even as a vExpert and VMUG Advantage EVALExperience customer.

The Xeon D-1700/2700 (Ice Lake D) was a minor refresh for 2023, with Xeon D-1800/2800 (Granite Rapids D) refresh slightly better in 2024, and hopefully Xeon 6 (Granite Rapids-D) much better in 2025 featuring PCIe Gen5, MCRDIMMs, and 100GbE networking, wow! Feb. 27 2025 update looks promising, but pricey. Same goes for the Supermicro SYS-E403-14B-FRN2T Review The Super Cool 1P Edge Server, available at Supermicro eStore, but this fairly small beast is 400 watts under load, and isn't suited for using any 3.5" drives you may still want to use.

Unfortunately, it's become clear to me that Supermicro is less focused on the mini-tower form factor these days, and Broadcom isn't interested in supporting home labs.

As for the CPU industry, it's unfortunate that Pat Gelsinger was apparently ousted from Intel's helm in these challenging times, but I'm also grateful to have had the honor of working at VMware when he was the CIO there. I'll leave it at that, given the whole Broadcom thing.

Recent Comments

Paul Braren | TinkerTry.com

Jan 04, 2026 at 3:12 AM UTC

TinkerTry's 2025 Home Tech Refresh

"This is a simple test of TinkerTry.com new improved handling of Disqus, and it uses the new API and lazy and deferred loading wherever possible. Disqus comments have returned to the sidebar area of al..."

George Pericleous

Nov 18, 2025 at 4:29 AM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"so on an existing installation is not possible to update it? i couldnt even figure out how to create the tokens lol i dont have that option i think on the dashboard..."

Paul Braren | TinkerTry.com

Nov 18, 2025 at 4:24 AM UTC

Download all the VMware vSphere 5.5 pieces to get your home lab started

"I cannot do that. I run a legit site, and I have no special access to the code anyway since I don’t work for Broadcom."

Paul Braren | TinkerTry.com

Nov 18, 2025 at 4:23 AM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"It is quite frustrating. While I managed to get the free ESXi 8U3e hypervisor installed (new install only) with a license that doesn’t expire, you still need a token to even patch it the easy way: h..."

George Pericleous

Nov 16, 2025 at 8:44 PM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"i m trying to find the way to generate the tokens etc but i m confused with broadcom....i think its about the time to start migrating to different platform...."

Pedro Braz

Jul 29, 2025 at 6:08 PM UTC

Download all the VMware vSphere 5.5 pieces to get your home lab started

"Hello, I need help with the vCenter installer. Could you make it available in some drive so I can download it? I have the license and need to activate it to work in an old environment."

Pedro Braz

Jul 29, 2025 at 6:07 PM UTC

Download all the VMware vSphere 5.5 pieces to get your home lab started

"Olá preciso de ajuda com o instalador do vCenter, poderiam me disponibiliar em algum drive para que eu possa fazer o download? Eu possuo a licença e preciso ativar para trabalhar em um antigo ambien..."

ayham raed

Jul 20, 2025 at 4:22 PM UTC

How to resolve “This virtual machine appears to be in use” error in VMware Workstation

"Still works, using VMware 17.6.3"

Chris

Jun 11, 2025 at 7:51 PM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"I sourced the update zip from a third-party website and ran the following commands. The update seem to have gone fine. I suggest verifying the checksum of the file if you go down that route, as an ext..."

Paul Braren | TinkerTry.com

Jun 05, 2025 at 4:57 PM UTC

TinkerTry Supermicro SuperServer Bundles - powerful and efficient virtualization home labs

"I have not, as I moved homes and got rid of everything old, and I tend to avoid eBay stuff partly for support and energy use reasons. It’s amazing that I’m still running both of my SuperServers t..."

jeffshead

Jun 05, 2025 at 8:19 AM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"Yes. It can be downloaded from the Broadcom site. It is under Free Downloads and comes with a Free license integrated in the ISO. https://support.broadcom.com/group/ecx/free-downloads"

Paul Braren | TinkerTry.com

Jun 05, 2025 at 2:56 AM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"I admit I haven't looked into that, but I appreciate you dropping that idea my way here on TinkerTry! I'm doing much of the same soul searching and tech solution searching that many others are likely ..."

jeffshead

Jun 04, 2025 at 8:41 PM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"Is there a way to upgrade with the full ISO without overwriting the currently installed license? It wouldn't be a total loss if we could somehow mount the ISO and use a command like below to upg..."

diyisih476

May 28, 2025 at 11:33 AM UTC

TinkerTry Supermicro SuperServer Bundles - powerful and efficient virtualization home labs

"This was such an insightful look back at the impressive legacy of these Supermicro Xeon D bundles! It's remarkable how these compact yet powerful systems served the homelab community so well for ..."

Victor Boo

May 26, 2025 at 5:10 AM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"Which are the others, if it is not a secret? I am also looking for alternatives."

Paul Braren | TinkerTry.com

May 26, 2025 at 1:50 AM UTC

How to resolve “This virtual machine appears to be in use” error in VMware Workstation

"Glad you found my article, thank you for the feedback, sure seems like they should have fixed this long ago!"

Paul Braren | TinkerTry.com

May 26, 2025 at 1:49 AM UTC

How to easily update your VMware ESXi Hypervisor to the latest version with one ESXCLI command

"It’s one of the options I’m looking at."