VMware Power CLI: Could not establish trust relationship for the SSL/TLS secure channel with authority

With the Newer version of Power CLI, the Connect-ViServer fails with message:

 

 

Connect-VIServer : 28-04-2018 11:41:42 Connect-VIServer Error: Invalid server certificate. Use
Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect
once or to add a permanent exception for this server.
Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority
‘vc.ikigo.net’.
At line:1 char:1
+ Connect-VIServer vc.ikigo.net
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.
Cmdlets.Commands.ConnectVIServer

 

This can easily be worked around by

  • Importing The VMCA trusted root Certificate
  • Use Set-PowerCLIConfiguration to ignore certs

 

Importing The VMCA trusted root Certificate to windows Trusted Root Store

  • Launch a browser and head to https://vcenter.FQDN  (or https://vc.FQDN/certs/download.zip)
  • Click on Download trusted root CA certificates

  • Extract the ZIP file and import the certificate to windows trusted root store

Use Set-PowerCLIConfiguration to ignore certs

  • on an elevated power CLI, Run the below

Set-PowerCLIConfiguration -Confirm:$false -Scope AllUsers -InvalidCertificateAction Ignore -DefaultVIServerModeSingle

Related Posts
%d bloggers like this: