HSTS errors are seen in your client browser when accessing the vRA VAMI when using self-signed certificates

Article ID: 325907

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • When you access the VAMI URL, the browser returns an error about the self-signed certificate and you cannot proceed.
  • Recent versions of Chromium-based browsers prevent users from navigating to the port 5480 web interface at all.
  • Firefox offers a way to add an exception, with a warning similar to:
    vami_url_FQDN:5480 uses an invalid security certificate
    
    The certificate is not trusted because it is self signed.
    The certificate is not valid for the name vami_url_FQDN.
    
    Error code: SEC_ERROR_UNKNOWN_ISSUER
  • Internet Explorer 11 offers an option to continue to the website, but does not actually navigate to the page and returns to the warning page:
    Your PC doesn't trust this website's security certificate.
    The hostname in the website's security certificate differs from the website you are trying to visit.
    
    Error code: DLG_FLAGS_INVALID_CA
    DLG_FLAGS_SEC_CERT_CN_INVALID
  • Microsoft Edge is a Chromium-based browser, and its HSTS entries can be managed at
    edge://net-internals/#hsts
Environment

VMware vRealize Automation 7.x

Cause

This issue occurs because the HSTS features enabled by default in modern client browsers do not allow certificate errors to be bypassed when navigating to a web site that uses self-signed certificates.

Resolution

VMware recommends securing all web interfaces on vRealize appliances with certificates signed by a public CA.

Workaround:

To work around this issue, use one of these options:

Option 1

  • Replace the self-signed certificates with a public CA-signed certificate that contains the fully qualified domain name (FQDN) of the virtual appliance hostname in the Subject Alternative Name field.

Option 2

  • Disable HSTS for the vRA domain in the Chrome browser.
    1. Disable the browser cache.
    2. Type chrome://net-internals/#hsts in the Chrome address bar.
    3. If present, remove the vRA domain name listed under Add HSTS/PKP domain. Select include subdomains and check both the STS and PKP entries.
    4. If present, remove the vRA domain name listed under Add Expect-CT domain.
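The following is an added example, not VMware code and not part of this article, that models the two browser-side checks behind the symptoms above: the certificate checks that produce the SEC_ERROR_UNKNOWN_ISSUER and DLG_FLAGS_SEC_CERT_CN_INVALID errors, and the cached HSTS policy that turns a normally click-through warning into a hard block. It also shows why Option 1 (a CA-signed certificate with the FQDN in the SAN) clears the error and why Option 2 (deleting the cached HSTS entry) only downgrades the block to a warning. The hostname `vra-va.example.local`, the issuer name `Example Public CA`, the `CertInfo` class and the `HstsCache` class are constructed for this example; the trust store is a hypothetical set of issuer names standing in for the browser's real one.

```python
"""Model of the browser checks behind the VAMI HSTS error (added example)."""
from dataclasses import dataclass
import time


@dataclass
class CertInfo:
    """Minimal view of a server certificate (constructed, not parsed from a real cert)."""
    subject_cn: str
    issuer_cn: str
    san_dns: list          # dNSName entries from the Subject Alternative Name extension
    trusted_issuers: set   # hypothetical stand-in for the client's trust store


def dns_name_matches(pattern, host):
    """RFC 6125-style name match: exact, or a single left-most wildcard label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split(".")[1:], host.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == host


def certificate_errors(cert, host):
    """Return the browser-style error names this certificate triggers for `host`."""
    errors = []
    # A self-signed certificate is its own issuer, which no trust store contains.
    if cert.issuer_cn not in cert.trusted_issuers:
        errors.append("SEC_ERROR_UNKNOWN_ISSUER")
    # Browsers match the SAN when present and only fall back to the CN without one.
    names = cert.san_dns or [cert.subject_cn]
    if not any(dns_name_matches(n, host) for n in names):
        errors.append("DLG_FLAGS_SEC_CERT_CN_INVALID")
    return errors


class HstsCache:
    """Per-host HSTS policy store, as the browser keeps it (RFC 6797 section 6.1)."""

    def __init__(self, now=time.time):
        self.now = now
        self.entries = {}  # host -> (expires_at, include_subdomains)

    def process_header(self, host, header):
        """Record the policy carried by a Strict-Transport-Security response header."""
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                max_age = int(value.strip().strip('"'))
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; an invalid header is ignored
        if max_age == 0:
            self.entries.pop(host.lower(), None)  # max-age=0 withdraws the policy
        else:
            self.entries[host.lower()] = (self.now() + max_age, include_sub)

    def delete(self, host):
        """What 'Delete domain security policies' on chrome://net-internals/#hsts does."""
        self.entries.pop(host.lower(), None)

    def is_hsts_host(self, host):
        """True if `host` or a superdomain with includeSubDomains has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= self.now():
                continue  # expired policy no longer applies
            if i == 0 or include_sub:
                return True
        return False


def classify_access(cache, cert, host):
    """'ok', 'warning' (interstitial with a proceed option) or 'blocked' (HSTS host)."""
    if not certificate_errors(cert, host):
        return "ok"
    # RFC 6797 section 12.1: on a known HSTS host, certificate errors are fatal.
    return "blocked" if cache.is_hsts_host(host) else "warning"


if __name__ == "__main__":
    host = "vra-va.example.local"                      # constructed appliance FQDN
    trust = {"Example Public CA"}                      # constructed trust store
    cache = HstsCache()
    cache.process_header(host, "max-age=31536000; includeSubDomains")
    self_signed = CertInfo("vra-va", "vra-va", [], trust)
    print("self-signed, HSTS cached:", classify_access(cache, self_signed, host))
    cache.delete(host)                                 # Option 2
    print("self-signed, HSTS removed:", classify_access(cache, self_signed, host))
    ca_signed = CertInfo(host, "Example Public CA", [host], trust)  # Option 1
    print("CA-signed with FQDN in SAN:", classify_access(cache, ca_signed, host))
```

Run as a script it prints `blocked`, `warning` and `ok` for the three cases in turn. The point for an operator is the ordering: clearing the HSTS entry alone never makes the certificate valid, it only restores the click-through prompt, whereas a CA-signed certificate whose SAN carries the FQDN satisfies both checks and leaves nothing to bypass.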

Option 3

  • Left-click in the white space on the HSTS error page and type: thisisunsafe
    • The page reloads and should allow access to the web page.
