Home / server / Questions / 4258
Accepted
Jim
Asked: 2009-05-05 11:16:25 +0800 CST

VMware Infrastructure Web Access certificate problem

  • 772

Every time I launch the shortcut to the VMWare Infrustructure Web Access page I get a message in IE7 asking me to choose a digital certificate. I don't have any digital certificates, so I click "OK" or "Cancel"--it doesn't matter which. I'm taken to a screen that says, "There is a problem with this website's security certificate." I have to click "Continue to this website (not recommended)." I'm prompted again to choose a digital certificate, I don't select anything, and click "OK." I'm then prompted to enter my username and password, which I do, and I can finally login.

Everything works, but the IE7 toolbar does tell me there's a certificate error.

Untrusted Certificate.
The security certificate presented by this website
was not issued by a trusted certificate authority.
This problem may indicate an attempt to fool you or
intercept any data you send to the server. We 
recommend that you close this webpage.

I click the certificate error and choose the "Install Certificate" option and restart IE, but the error remains.

The entire process is annoying every time I want to manage a virtual machine. Does anybody know how to fix this?

vmware-server certificate

4 Answers

  1. This is a common problem with VMWare server 2.

    If you use Windows Explorer (v8) the certificate error puts the web browser into protected mode which then makes it rather difficult to use.

    Quick Hack Approach: (30 seconds)

    1. Add web site address to list of trusted websites (using Tools -> Internet Options)
    2. Accept the fact that when you connect, you will be told that the certificate failed, and then click continue anyway....

    One Possible Fix: ( ~5minutes)

    To fix this properly you need to import the vmware certificate "rui.crt" into your web browsers "trusted root certificate authorities" so that your web browser knows to trust this certificate.

    1. Find the certificate file (rui.crt) on your server. On my installation its in /etc/vmware/ssl.
    2. Copy this file to somewhere you can access on your windows client machine.
    3. On your windows client machine double click on the rui.crt file.
    4. When you are given the choice on where to place the certificate DO NOT allow windows to automatically select the certificate store. (it won't place it somewhere where it validates on its own...)
    5. For the certificate store, select "Trusted Root Certification Authorities"
    6. Complete the installation wizard.

    Open a new browser window and retry.

    • 2

  2. Here is a solution from Microsoft

    • 1
  3. Best Answer

    The SSL certificates installed by default with ESX and VirtualCenter are self-signed. That means your browser (any browser) won't trust them by default. You have a few choices:

    • Add the self-signed certs to your Trusted Root certificate authorities
    • Replace the self-signed certs with certs that you've purchased from a trusted certificate authority
    • Replace the self-signed certs with certs you've generated from your own trusted certificate authority

    There were a few blog posts detailing the cert replacement options I found when dealing with this issue on my own. But for the life of me, I can't find them anymore.

    • 1

  4. If the certificates are expired you may need to simply regenerate them.

    You could create self-signed certificates, sign certificates with your CA and install them on the server. The certificates live in /etc/vmware/ssl

    • 0