VMware vSphere Web Client 5.1 reports this SSL warning after an installation or upgrade: Failed to verify the SSL certificate for one or more vCenter Server Systems
search cancel

VMware vSphere Web Client 5.1 reports this SSL warning after an installation or upgrade: Failed to verify the SSL certificate for one or more vCenter Server Systems

book

Article ID: 341924

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

Symptoms:

For vSphere Web Client 5.5, 6.0, 6.5, 6.7 follow "Could not connect to one or more vCenter Server Systems: https://vCenterFQDN: 443/sdk" error in the vSphere Web Client  (2050273)

After installing or upgrading to the vSphere Web Client 5.1, you experience these symptoms:

  • The vSphere Web Client shows the warning:
Failed to verify the SSL certificate for one or more vCenter Server Systems: https://vCenter_FQDN
 
  • The vsphere_client_virgo.log file (located at %ProgramData%\VMware\vSphere Web Client\serviceability\logs\)contains entries similar to:

    [YYYY-09-10 14:12:43.163][ERROR] Connection failure to vc https://<vCenter FQDN>
    com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified
    at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:217)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
     
  • All steps described in Replacing Default vCenter 5.1 and ESXi Certificates have been applied.


Environment

VMware vCenter Server 5.1.x
VMware vSphere Web Client 5.1.x

Cause

This issue occurs if files from the previous installation contain different SSL thumbprints.

Resolution

To resolve this issue, remove the file containing left-over SSL thumbprint file, so that the vSphere Web Client is forced to use the new SSL Thumbprint.

To remove the file containing left-over SSL thumbprint file:

  1. Run services.msc and stop the VMware vSphere Web Client service.
  2. Go to the %ProgramData%\VMware\vSphere Web Client\SerenityDB\ directory.
  3. Create a backup of the file *VcDirectory.

    Note: This file does not have a file extension.
     
  4. Delete the *VcDirectory file.
  5. Start the VMware vSphere Web Client service.


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box
For more information, see Replacing Default vCenter 5.1 and ESXi Certificates.
インストールまたはアップグレード後に VMware vSphere Web Client 5.1 が SSL 警告 [Failed to verify the SSL certificate for one or more vCenter Server Systems] を報告する
VMware vSphere Web Client 5.1 在重新安装或升级后报告以下 SSL 警告“无法验证一个或多个 vCenter Server 系统的 SSL 证书”

Powered by Wolken Software