How to import your VCSA certificate so ALL VMware vSphere browser security warnings go away in Windows 10
You can free up tons of vertical real-estate when doing your day-to-day vSphere sysadmin by hiding the URLs and tabs and dead space in Chrome, see:
- VMware vSphere Taskbar Shortcuts Unleashed - profile switcher isolated and uncluttered Chrome Browser UIs act like native Windows apps!
Mar 27 2017
The thing is, home-lab friendly browser features such as (insecure) password saving don't work once Chrome, or other browsers, have that intentionally nasty red X certificate warning mode, prompting you to bypass before even showing you the suspect page. Won't you feel better getting rid of those warnings, once and for all? Yes, this method even works for the vSphere Web Client (Flash) and the VMware Host Client/vSphere Client (HTML5), and leverages the certificate authority baked right into VCSA! Now you know why FQDN and DNS is so important for VCSA, eh?
It's easy, just one certificate to import into your Windows 10 system-wide "Trusted Root Certification Authorities" store. Video details the simple procedure below.
These are the circumstances in my home lab, where I recorded this short video:
- willingness to type in FQDN
eg. https://vcsa.lab.local, not just https://vcsa
(I create single-click taskbar shortcuts anyway)
- stand-alone Windows in workgroup mode
(not joined to Active Directory)
- Administrative rights to Windows
- VCSA 6.0 or later
Step-by-step, with explanations as I go:
What I like about this is that it's a do it once thing, and you'll likely never forget it. Nice that the certificate doesn't expire for 10 years too ;)
If you get this error when attempting to log in to your VCSA appliance from chrome:
Your connection is not private
Attackers might be trying to steal your information from vcsa.lab.local (for example, passwords, messages, or credit cards). Learn more
it's easiest to cut over to Firefox, and follow the rest of the below steps from there.
Now test it.
- close Edge Browser
- close Chrome
- open Chrome
- if Chrome still shows certificate warnings, close it again, and use Task Manager's 'Processes' Tab to to kill all chrome.exe instances, then open Chrome again to retest
- if you're looking to fix Firefox, see VMware's guidance here.
- that's it, enjoy the happy green padlock for the next 10 years!
- How to download and install vCenter Server root certificates to avoid Web Browser certificate warnings (2108294)