"cannot authenticate SSL certificate for proxy" in Content Library for vCenter HTTPs Proxy Support
Article ID: 336092
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article has steps to resolve the error HTTP request error: cannot authenticate SSL certificate for proxy. Please add the proxy certificate to the vcenter trust store in case https proxy is configured. through adding the the proxy certificate to the vCenter Server store
Symptoms:
Symptoms:
- The Content Library workflow involving HTTPS URLs fails with the error:
HTTP request error: cannot authenticate SSL certificate for proxy. Please add the proxy certificate to the vcenter trust store in case https proxy is configured.
For a similar issue, see Unable to deploy OVF from vCenter Server 7.0 vSphere Client using HTTPS Proxy
For a similar issue, see Unable to deploy OVF from vCenter Server 7.0 vSphere Client using HTTPS Proxy
Environment
VMware vCenter Server 7.0.x
Cause
This issue occurs when the proxy certificate is not trusted by the vCenter Server, causing API calls to fail on HTTPS URLs.
Resolution
To resolve the issue, add the proxy certificate to the vCenter Server trusted root store.
- Copy the certificate to the vCenter Server
Note: If you encounter an issue with WinSCP, see Error when uploading files to vCenter Server Appliance using WinSCP (2107727)
- Log in to vCenter Server with SSH.
- List the available stores in VECS with this command: /usr/lib/vmware-vmafd/bin/vecs-cli store list
For example:
root@vcsa1 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli store list
MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vsphere-webclient
vpxd
vpxd-extension
APPLMGMT_PASSWORD
data-encipherment
SMS
MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vsphere-webclient
vpxd
vpxd-extension
APPLMGMT_PASSWORD
data-encipherment
SMS
- List the number of entries in TRUSTED_ROOTS with: /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store
For example:
root@vcsa1 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS | grep Number
Number of entries in store : 1
Number of entries in store : 1
- Add the proxy certificate to TRUSTED_ROOTS with: /usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /Path_to_Cert/Cert_Name.cert
- Check the number of entries again in TRUSTED_ROOTS, If successful the number of certificates should increase.
For example:
root@vcsa1 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS | grep Number
Number of entries in store : 2
Additional Information
For further information on certificate CLI command use the following links:
Feedback
Yes
No
Powered by
