Solved

Certificate Error every time I launch VMWare Server 2.0.1 in browser

Posted on 2010-09-07
15
1,897 Views
Last Modified: 2012-05-10
every time I launch the browser on the server for VMWare Server 2.0.1 (VmWare infrastructure Web Access 2.0.0) a Certificate Error appears in the browser. If I add the Cert as requested, and restart the browser, it still gives me the same error.
Any ideas how to get round this?
I can eventually run WMWare but it needs several clicks through the certificate menus (which are blank and show no cert in the dropdown list).
thanks
0
Comment
Question by:stack888
  • 8
  • 6
15 Comments
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
Take a look at http://serverfault.com/questions/4258/vmware-infrastructure-web-access-certificate-problem

"To fix this properly you need to import the vmware certificate "rui.crt" into your web browsers "trusted root certificate authorities" so that your web browser knows to trust this certificate.

1.Find the certificate file (rui.crt) on your server. On my installation its in /etc/vmware/ssl.
2.Copy this file to somewhere you can access on your windows client machine.
3.On your windows client machine double click on the rui.crt file.
4.When you are given the choice on where to place the certificate DO NOT allow windows to automatically select the certificate store. (it won't place it somewhere where it validates on its own...)
5.For the certificate store, select "Trusted Root Certification Authorities"
6.Complete the installation wizard.
Open a new browser window and retry."
0
 
LVL 23

Expert Comment

by:bhanukir7
Comment Utility
hi Stack,

you can search for the rui.cert in the vmware server install location normally "C:\Program Files (x86)\VMware\VMware Server\SSL" and install the certification.

as step by step is given in this blog.

http://jeffmcarthur.blogspot.com/2010/08/fixing-certificate-error-problem-with.html

regards
bhanu
0
 
LVL 2

Author Comment

by:stack888
Comment Utility
hi guys, I followed the steps, installed the Cert but this does not fix the problem.
I also added the website to the list of Trusted sites.

I still see the same problem when I open a Brower -

1. It pops up with 'Choose a digital certificate' and the dropdown box is blank.
2. I click 'cancel'  and it says 'There is a problem with this website's security certificate'
3. I click 'continue to this website(not recommended)'
4. The same empty dialogue box with 'Choose a digital certificate' is displayed.
5. I click 'cancel' again and a Certificate Error appears at top of screen but it finally lets me get to log in page for VMWare.

There must be a way to fix this.

thanks
0
 
LVL 2

Author Comment

by:stack888
Comment Utility
Another update - if I change the url to use the SERVERNAME instead of the IP Address, the error changes to: "vmware infrastructure web access will not work unless your browser supports cookies"

Even if I override cookie settings in IE8 and accept all cookies and also put on LOW security zone, it still shows the same Cookie error. (not that I'd want to have this low a setting anyway, but just for a test).

When I google this error, people suggest the solution is to change the link to have the IP ADDRESS in it instead of servername and then we're back to my ORIGINAL problem! Aaarrggh!!
Oh, the joys of VMWare  :)
0
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
If you are using Internet Explore there is a way to suppress that dialog. Go into Tools - Internet Options - then click the Security Tab. Select the zone you fall in when accessing your VMware Server 2.0 Web Management, then click the button for custom level.

Scroll down until you see the selection for "Don't prompt for  client certificate selection when no certificates ..." and set that to "Enable" (See attached image)

Presto those nasty prompts should disappear.

Good Luck
Don-tPromptCertificate.jpg
0
 
LVL 2

Author Comment

by:stack888
Comment Utility
bgoering, thanks for that. It got rid of half the errors!
Now, I still get :
'There is a problem with this website's security certificate'
and I click continue and it brings me to the login screen.

So, yes, a lot better as its a faster process for me to login now, but still getting Cert errors, which I dont understand as it installs ok when I walk through the process of applying it into "Trusted Root Certification Authorities".

0
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
You will need to use the servername instead of IP address and install the rui.crt as mentioned earlier. When I install the certificate the dialog will show an "Issued to" line, that line is what it expects the server name to be.. It may be just a shortName, or in the format host.domain.tld. When your browse to the web access it will need to be of the form:

https://host.domain.tld:8333/ui/#
or
https://serverName:8333/ui/#

If for some reason the name is incorrect and won't resolve to an IP address then either create a hosts entry for the name, or uninstall and reinstall VMware Server 2.x specifying the proper host.domain.tld at installation time.

When I do the install certificate I enter the dialog, click Next, select Place all certificates in the following store radio button and click Browse. Select the Trusted Root Certification Authorities and the checkbox to Show physical stores. Expand Trusted Root Certification Authorities and select Registry and Click OK/Next until out of the Wizard.

The key thing is the name the certificate is Issued to must match the name you are browsing to in order to get rid of your remaining extra click.

Good Luck
0
Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 2

Author Comment

by:stack888
Comment Utility
Hi bgoering, thanks for the reply.
I've already followed that exact process - to install the certificate. It seems to go through fine and it shows the path as being valid.

I type in exactly this:

https://SERVERNAME:8333/ui/#

where the SERVERNAME does resolve correctly to an IP but when I use a name here, it gives me the Cookie error I mentioned above. Even with all cookie settings as open as I can make them and on lowest security zone.

So, basically I have 2 options:

Use name in the URL - does not work, stops me dead with cookie error.

Use IP address or local host in URL - Gives Certificate error (which makes sense I suppose as the cert is issued to a machine name, not an IP). If I click past the error message I can get in this way - just more of an annoyance.

many thanks
0
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
I would actually recommend that you uninstall and reinstall VMware server specifying the fully qualified domain name for you host machine. I have seen lots of issues trying to use the short name
0
 
LVL 2

Author Comment

by:stack888
Comment Utility
that might well be the solution. Dont really want to have to do that as I have several Production VMs on there an no other Host to move them to. If nothing else comes up i may try that.
thanks
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
Comment Utility
I did find another workaround for you. Go to Tools, Internet Options, Advanced tab.

Close to the bottom there is a check box for Warn for Certrificate Address Mismatch - uncheck it and restart IE.

You should be able to access again by IP address and hopefully not get any errors provided your rui.crt is installed.

Good Luck
0
 
LVL 2

Author Comment

by:stack888
Comment Utility
bgoering, you are a star!
That did it. No more annoying warnings and errors to click through :)
Didn't see this anywhere on the net, so its a great find.
Thank you very much and hope you have a great rest of the day.
0
 
LVL 2

Author Closing Comment

by:stack888
Comment Utility
excellent troubleshooting by bgoering.
0
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
Glad it took care of your problem - but remember those configuration items are there as a default for a reason. I might recommend that you, at your earliest convenience, reinstall with the host.domain.tld machine name - that will allow you to turn off the last change under advanced. And that you configure your VMware server url to be in a trusted zone, and change the setting for prompting for client certificate only in the trusted zone and if you changed Internet zone return it to the defaults.

Good Luck
0
 
LVL 2

Author Comment

by:stack888
Comment Utility
good point bgoering. I didn't need to change the trusted zones at all in the end, just those cehckmarks in Tools, Advanced that you suggested which really just removes the warning messages rather than making anything less secure, so we should be good :)
Appreciated the help today as I'm trying to do 20 things at once here and this saves me time on the VmWare side of things. On to Exchange and ArcServe issues next :)
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now