1. Replace the HTTPS SSL certificate with a valid one that is signed by any of Photon OS CAs or VECS TRUSTED_ROOTS CAs.
For endpoint protection, please refer to partner documentation regarding how to replace HTTPS SSL certificate.
2. Add the root CA certificate signing the file server certificate to VMware Endpoint Certificate Store (VECS) TRUSTED_ROOTS. Please refer to
Add a Trusted Root Certificate to the Certificate Store and
vecs-cli Command Reference for more information.
Workaround:
Note - Following workaround involves security risk.
1. Configure a leaf SSL certificate that is to be trusted for the OVF URL.
The Endpoint protection or Malware prevention service OVF URL can be obtained from service definition on NSX UI/API.
Login to VCSA through SSH using root. Run the below command:
/usr/lib/vmware-eam/bin/eam-utility.py install-cert <OVF URL> Notea. The operation above can be reverted by running: eam-utility.py uninstall-cert <VIB/OVF URL>
/usr/lib/vmware-eam/bin/eam-utility.py uninstall-cert <OVF URL>b. The SSL trust configuration provided with the script does not persist across vCenter major upgrades.