Error: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID when accessing vCenter Server after Machine SSL certificate renewal
search cancel

Error: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID when accessing vCenter Server after Machine SSL certificate renewal

book

Article ID: 322297

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
When you use the vSphere Client to run [Renew] operation for Machine SSL Certificate, restart services, then connect to the vCenter Server again, your Web browser displays a message similar to:

  • There is a problem with this website's security certificate
  • The connection is not private
  • This connection is untrusted
  • ERR_CERT_AUTHORITY_INVALID
  • NET:ERR_CERT_AUTHORITY_INVALID


Clearing the browser cache or cookie does not resolve the issue.

When you use Certificate Manager Option 3 (KB How to use vSphere Certificate Manager to Replace SSL Certificates), you do not hit the issue.

Cause

This is expected behavior.

The [Renew] operation for Machine SSL Certificate on vSphere Client (HTML 5) does not generate the full certificate chain for the Machine SSL Certificate.However, Certificate Manager Option 3 does generate the full certificate chain for the SSL certificate.

Resolution

Follow the steps from the section: "Active Directory Group Policy Update in Deployments with VMCA as an Intermediate Certificate Authority: in the Knowledgebase Article  Download and install vCenter Server root certificates to avoid web browser certificate warnings.

That section will add the VMCA intermediate certificate into Intermediate Certification Authorities of the client machines.

Powered by Wolken Software