Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Accessing a vCenter Server using Web access or vSphere Client fails with an SSL certificate error (1021514)

Symptoms

  • Accessing vCenter Server using Web access or vSphere Client fails
  • You see the error:

    Security Warning
    Certificate Warnings
    An untrusted SSL certificate is installed on "vCenter_FQDN" and secure communication cannot be guaranteed.  Depending on your security policy, this issue might not represent a security concern.  You may need to install a trusted SSL certificate on your server to prevent this warning from appearing.
    Click Ignore to continue using the current SSL certificate.

Resolution

This issue occurs if the self-signed certificate of the vCenter Server is not trusted or the FQDN or shortname of the vCenter Server changed after the initial installation.
 
To resolve this issue, you must create a self-signed certificate for your vCenter Server.
 
Note: If you are using custom or CA signed certificates, see Replacing vCenter Server Certificates

 

To create a self-signed certificate:
  1. Download and install OpenSSL from http://gnuwin32.sourceforge.net/packages/openssl.htm.

    Note
    : The preceding link was correct as of June 02, 2010. If you find the link is broken, provide feedback and a VMware employee will update the link.
     
  2. Create a folder named openssl in C:\
  3. Open command prompt and navigate to C:\Program Files\GnuWin32\bin.

    Note: You may need to run the command prompt as administrator in order for the below commands to work.

  4. Run these commands to create the SSL certificates:


    openssl genrsa 1024 > c:\openssl\rui.key


    openssl req -new -key c:\openssl\rui.key > c:\openssl\rui.csr -config "C:\Program Files\GnuWin32\share\openssl.cnf"


    Note: Provide necessary information about the certificate, such as country, organization, name, and email ID and provide the FQDN or Netbios name in the Common Name field of the vCenter Server. You do not have to specify a passkey in this step.

    o
    penssl x509 -req -days 730 -in c:\openssl\rui.csr -signkey c:\openssl\rui.key -out c:\openssl\rui.crt

    openssl pkcs12 -export -in c:\openssl\rui.crt -inkey c:\openssl\rui.key -passout pass:testpassword -out c:\openssl\rui.pfx

  5. To replace the certificates on vCenter Server:
    1. Copy the existing rui.key, rui.crt, and rui.pfx files from C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\ to a backup folder.
    2. Copy the custom rui.key, rui.crt, and rui.pfx files to C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\.

      Note: In Windows Server 2008, copy the files to C:\ProgramData\VMware\VMware VirtualCenter\SSL\.

  6. Stop the VirtualCenter Server service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
  7. To reset your database password, browse to the root directory of your vCenter Server installation, and run the command:

    vpxd.exe –p

    When prompted for your new password, enter your existing database password. When prompted to confirm your password, reenter the password.

  8. Restart the VirtualCenter Server service. For more information, see Stopping, starting, or restarting vCenter services (1003895)
  9. To install the certificate into the trusted root CAs on the vCenter Server:
    1. Double-click the rui.crt file located at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\.
    2. Click Install Certificate and click Next and Next.
    3. Select Place all certificates in the following store.
    4. Select the Trusted Root Certification Authorities certificate store.
    5. Click OK, Next, Finish, and Yes.

  10. Log in to vCenter Server using your new certificate.
  11. If your ESX hosts are showing as disconnected, right-click on the host, follow the prompts, and connect the host using the root credentials.

Attachments

    Request a Product Feature

    To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

    Feedback

    • 7 Ratings

    Did this article help you?
    This article resolved my issue.
    This article did not resolve my issue.
    This article helped but additional information was required to resolve my issue.
    What can we do to improve this information? (4000 or fewer characters)
    • 7 Ratings
    Actions
    KB: