In vSphere 8.x environments, the Skyline Health dashboard displays the error:

"The current status of Internet connection is disabled. Online health checks are not available..."

Diagnostics using curl -v https://vcsa.vmware.com reveal an SSL certificate problem: self-signed certificate in certificate chain error.

vCenter Server Appliance 8.x

vCenter Server Appliance 7.x

The network firewall or proxy is performing SSL Inspection (MITM).

The firewall intercepts the request, decrypts it, and re-encrypts it using a local corporate CA certificate.

Because this local CA is not in the vCenter’s trusted root store, the connectivity check fails.

1. Whitelisting (Preferred):

Configure the network security appliance to bypass SSL decryption for the following domains: vcsa.vmware.com, *.vmware.com, and *.broadcom.com.

2. Certificate Import:

If bypass is not possible, obtain the Root CA certificate from the network team and import it into the vCenter Trusted Root store via Administration > Certificate Management in the vSphere Client.