How to import your VCSA certificate so ALL VMware vSphere browser security warnings go away in Windows 10
You can free up tons of vertical real-estate when doing your day-to-day vSphere sysadmin by hiding the URLs and tabs and dead space in Chrome, see:
The thing is, home-lab friendly browser features such as (insecure) password saving don't work once Chrome, or other browsers, have that intentionally nasty red X certificate warning mode, prompting you to bypass before even showing you the suspect page. Won't you feel better getting rid of those warnings, once and for all? Yes, this method even works for the vSphere Web Client (Flash) and the VMware Host Client/vSphere Client (HTML5), and leverages the certificate authority baked right into VCSA! Now you know why FQDN and DNS is so important for VCSA, eh?
It's easy, just one certificate to import into your Windows 10 system-wide "Trusted Root Certification Authorities" store. Video details the simple procedure below.
Prerequisites
These are the circumstances in my home lab, where I recorded this short video:
- willingness to type in FQDN
eg. https://vcsa.lab.local, not just https://vcsa
(I create single-click taskbar shortcuts anyway) - stand-alone Windows in workgroup mode
(not joined to Active Directory) - Administrative rights to Windows
- VCSA 6.0 or later
If you meet these prerequisites, great, this video will show you exactly how easy this is!
If not, or if you use Firefox, read VMware KB 2108294 for guidance, see also comment below.
Video
Step-by-step, with explanations as I go:
Instructions - visual
What I like about this is that it's a do it once thing, and you'll likely never forget it. Nice that the certificate doesn't expire for 10 years too ;)
If you get this error when attempting to log in to your VCSA appliance from chrome:
Your connection is not private
Attackers might be trying to steal your information from vcsa.lab.local (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
it's easiest to cut over to Firefox, and follow the rest of the below steps from there.
Now test it.
- close Edge Browser
- close Chrome
- open Chrome
- if Chrome still shows certificate warnings, close it again, and use Task Manager's 'Processes' Tab to to kill all chrome.exe instances, then open Chrome again to retest
- if you're looking to fix Firefox, see VMware's guidance here.
- that's it, enjoy the happy green padlock for the next 10 years!
Jan 31 2020 Update
Great info in this @lamw tweet, here's an excerpt:
PSA: If you’ve upgraded to latest version of Chrome & having issues logging into vSphere Client w/ "NET::ERR_CERT_REVOKED”, you need “ghost type” on that page “thisisunsafe” to bypass
And here's the Google Support comment he refers to:
Abhaas Sood 12/6/19
This solution really works."Here's the fix!!! As of 10/21/19 the bypass word is "thisisunsafe"
Once you get to the page that says "Your connection is not private" click somewhere on the page and then blindly type the following thisisunsafe
This will instantly bypass the warning. Please don't do this on sites you don't trust."
I am just surprised how do people even find these kind of solutions.