In some configurations, you might need to import certificates into your Active Directory domain.

If you have a configuration where the VMware Certificate Authority is an intermediate Certificate Authority, a Custom Certificate, or another certificate that is not trusted in your environment, and:
- you have a Web browser that uses the operating system certificate store on Windows (such as Internet Explorer and Google Chrome)
- you can access the vCenter Server from several different machines

you can import the root certificate into the group policy of your Active Directory environment to make the certificates trusted in your Active Directory domain.

Procedure
- Go to the URL of the vCenter Server system or the vCenter Server Virtual Appliance using a client system web browser.
- Click the Download trusted root CA certificates link at the bottom of the grey box on the right and download the file.
- Change the extension of the file to .zip.
  The file is a ZIP file of all root certificates and all CRLs in the VMware Endpoint Certificate Store (VECS).
- Extract the ZIP file.
  The result is a .certs folder that contains two types of files. Files with a number extension (.0, .1, and so on) are root certificates. Files with an extension that starts with an r (.r0, .r1, and so on) are CRL files associated with a certificate.
- Open the Active Directory Group Policy Management Editor.
- Open Public Key Policies and select Intermediate Certification Authorities.
- Add the certificate file or files that you downloaded.
- From your Windows command prompt, run gpupdate /force to force an update.

Firefox has its own trusted roots store and does not use the operating system store. If you are working with Firefox, download the certificate as described above, and then select , click Advanced, and click Certificates to import the certificate into Firefox.
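
Before the extracted files are added to a domain-wide policy, it is worth confirming which entries are root certificates and recording their fingerprints for comparison with the CA you expect. The following Python example is added here and is not VMware code; the bundle, its file names and the placeholder certificate bytes are constructed, and treating each root file as PEM or DER is an assumption.

```python
import hashlib
import io
import re
import ssl
import zipfile

ROOT_RE = re.compile(r"\.\d+$")   # .0, .1, ...  -> root certificate
CRL_RE = re.compile(r"\.r\d+$")   # .r0, .r1, ... -> CRL for a certificate

def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the file is PEM or already DER (encoding is an assumption)."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data

def inventory(bundle: bytes) -> dict:
    """Classify each file in the downloaded bundle and fingerprint the root certificates."""
    result = {"roots": {}, "crls": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if ROOT_RE.search(name):
                der = to_der(zf.read(info))
                result["roots"][name] = {
                    # SHA-1 of the DER bytes is what Windows shows as "Thumbprint"
                    "sha1": hashlib.sha1(der).hexdigest().upper(),
                    "sha256": hashlib.sha256(der).hexdigest().upper(),
                }
            elif CRL_RE.search(name):
                result["crls"].append(name)
            else:
                result["other"].append(name)   # unexpected content: review before importing
    return result

def sample_bundle() -> bytes:
    """Constructed stand-in for the download; the 'certificate' is placeholder bytes, not X.509."""
    pem = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(".certs/0a1b2c3d.0", pem)
        zf.writestr(".certs/0a1b2c3d.r0", b"constructed CRL placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, fp in inventory(sample_bundle())["roots"].items():
        print(name, fp["sha1"], fp["sha256"])
```

To check a real download, pass the bytes of the renamed .zip file to `inventory()` and compare the reported thumbprints with those shown for the root CA on the vCenter Server itself.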