This post is also available in: Italian

Starting with vSphere 6.0, the new PSC component include not only the SSO part, but also a certification authority for certification management of all vSphere infrastructure elements (unfortunately is not been used yet by all the other VMware’s products).

This simplified not only the certifications management (with auto-enrollment for expired certificates), but also the trust between the different connections.

But to avoid browser warnings you need to trust on the VMware’s CA and first of it you need to gain it. You can simply download it from the vCenter home page, under Download trusted root CA certificates:

You will download a simple download.zip file that contains both the CA certificate and the revocations list.

Note that on vSphere 6.0 is a little more tricky compared to vSphere 6.5: you have to manually rename the files in order to import them.

In order to import the certificate you can use different approaches for a Windows system:

• Import manually: for Internet Explorer, Edge, Chrome you can simple double click on the certificate and import into the trusted CA. Firefox has a different certs repository.
• Import by using GPO: under Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers you can import existing certificates. Be sure to import it in the Trusted Root Certification Authorities store
• Add as an intermediate CA in your existing CA authority

For the different type of certificates in Windows, see also Self-Signed, Root CA and Intermediate CA Certificates

Andrea Mauro

Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-24. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-23. Nutanix NTC 2014-20. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.