Certificate Error every time I launch VMWare Server 2.0.1 in browser
every time I launch the browser on the server for VMWare Server 2.0.1 (VmWare infrastructure Web Access 2.0.0) a Certificate Error appears in the browser. If I add the Cert as requested, and restart the browser, it still gives me the same error.
Any ideas how to get round this?
I can eventually run WMWare but it needs several clicks through the certificate menus (which are blank and show no cert in the dropdown list).
thanks
Any ideas how to get round this?
I can eventually run WMWare but it needs several clicks through the certificate menus (which are blank and show no cert in the dropdown list).
thanks
hi Stack,
you can search for the rui.cert in the vmware server install location normally "C:\Program Files (x86)\VMware\VMware Server\SSL" and install the certification.
as step by step is given in this blog.
http://jeffmcarthur.blogspot.com/2010/08/fixing-certificate-error-problem-with.html
regards
bhanu
you can search for the rui.cert in the vmware server install location normally "C:\Program Files (x86)\VMware\VMware Server\SSL" and install the certification.
as step by step is given in this blog.
http://jeffmcarthur.blogspot.com/2010/08/fixing-certificate-error-problem-with.html
regards
bhanu
ASKER
hi guys, I followed the steps, installed the Cert but this does not fix the problem.
I also added the website to the list of Trusted sites.
I still see the same problem when I open a Brower -
1. It pops up with 'Choose a digital certificate' and the dropdown box is blank.
2. I click 'cancel' and it says 'There is a problem with this website's security certificate'
3. I click 'continue to this website(not recommended)'
4. The same empty dialogue box with 'Choose a digital certificate' is displayed.
5. I click 'cancel' again and a Certificate Error appears at top of screen but it finally lets me get to log in page for VMWare.
There must be a way to fix this.
thanks
I also added the website to the list of Trusted sites.
I still see the same problem when I open a Brower -
1. It pops up with 'Choose a digital certificate' and the dropdown box is blank.
2. I click 'cancel' and it says 'There is a problem with this website's security certificate'
3. I click 'continue to this website(not recommended)'
4. The same empty dialogue box with 'Choose a digital certificate' is displayed.
5. I click 'cancel' again and a Certificate Error appears at top of screen but it finally lets me get to log in page for VMWare.
There must be a way to fix this.
thanks
ASKER
Another update - if I change the url to use the SERVERNAME instead of the IP Address, the error changes to: "vmware infrastructure web access will not work unless your browser supports cookies"
Even if I override cookie settings in IE8 and accept all cookies and also put on LOW security zone, it still shows the same Cookie error. (not that I'd want to have this low a setting anyway, but just for a test).
When I google this error, people suggest the solution is to change the link to have the IP ADDRESS in it instead of servername and then we're back to my ORIGINAL problem! Aaarrggh!!
Oh, the joys of VMWare :)
Even if I override cookie settings in IE8 and accept all cookies and also put on LOW security zone, it still shows the same Cookie error. (not that I'd want to have this low a setting anyway, but just for a test).
When I google this error, people suggest the solution is to change the link to have the IP ADDRESS in it instead of servername and then we're back to my ORIGINAL problem! Aaarrggh!!
Oh, the joys of VMWare :)
If you are using Internet Explore there is a way to suppress that dialog. Go into Tools - Internet Options - then click the Security Tab. Select the zone you fall in when accessing your VMware Server 2.0 Web Management, then click the button for custom level.
Scroll down until you see the selection for "Don't prompt for client certificate selection when no certificates ..." and set that to "Enable" (See attached image)
Presto those nasty prompts should disappear.
Good Luck
Don-tPromptCertificate.jpg
Scroll down until you see the selection for "Don't prompt for client certificate selection when no certificates ..." and set that to "Enable" (See attached image)
Presto those nasty prompts should disappear.
Good Luck
Don-tPromptCertificate.jpg
ASKER
bgoering, thanks for that. It got rid of half the errors!
Now, I still get :
'There is a problem with this website's security certificate'
and I click continue and it brings me to the login screen.
So, yes, a lot better as its a faster process for me to login now, but still getting Cert errors, which I dont understand as it installs ok when I walk through the process of applying it into "Trusted Root Certification Authorities".
Now, I still get :
'There is a problem with this website's security certificate'
and I click continue and it brings me to the login screen.
So, yes, a lot better as its a faster process for me to login now, but still getting Cert errors, which I dont understand as it installs ok when I walk through the process of applying it into "Trusted Root Certification Authorities".
You will need to use the servername instead of IP address and install the rui.crt as mentioned earlier. When I install the certificate the dialog will show an "Issued to" line, that line is what it expects the server name to be.. It may be just a shortName, or in the format host.domain.tld. When your browse to the web access it will need to be of the form:
https://host.domain.tld:8333/ui/#
or
https://serverName:8333/ui/#
If for some reason the name is incorrect and won't resolve to an IP address then either create a hosts entry for the name, or uninstall and reinstall VMware Server 2.x specifying the proper host.domain.tld at installation time.
When I do the install certificate I enter the dialog, click Next, select Place all certificates in the following store radio button and click Browse. Select the Trusted Root Certification Authorities and the checkbox to Show physical stores. Expand Trusted Root Certification Authorities and select Registry and Click OK/Next until out of the Wizard.
The key thing is the name the certificate is Issued to must match the name you are browsing to in order to get rid of your remaining extra click.
Good Luck
https://host.domain.tld:8333/ui/#
or
https://serverName:8333/ui/#
If for some reason the name is incorrect and won't resolve to an IP address then either create a hosts entry for the name, or uninstall and reinstall VMware Server 2.x specifying the proper host.domain.tld at installation time.
When I do the install certificate I enter the dialog, click Next, select Place all certificates in the following store radio button and click Browse. Select the Trusted Root Certification Authorities and the checkbox to Show physical stores. Expand Trusted Root Certification Authorities and select Registry and Click OK/Next until out of the Wizard.
The key thing is the name the certificate is Issued to must match the name you are browsing to in order to get rid of your remaining extra click.
Good Luck
ASKER
Hi bgoering, thanks for the reply.
I've already followed that exact process - to install the certificate. It seems to go through fine and it shows the path as being valid.
I type in exactly this:
https://SERVERNAME:8333/ui/#
where the SERVERNAME does resolve correctly to an IP but when I use a name here, it gives me the Cookie error I mentioned above. Even with all cookie settings as open as I can make them and on lowest security zone.
So, basically I have 2 options:
Use name in the URL - does not work, stops me dead with cookie error.
Use IP address or local host in URL - Gives Certificate error (which makes sense I suppose as the cert is issued to a machine name, not an IP). If I click past the error message I can get in this way - just more of an annoyance.
many thanks
I've already followed that exact process - to install the certificate. It seems to go through fine and it shows the path as being valid.
I type in exactly this:
https://SERVERNAME:8333/ui/#
where the SERVERNAME does resolve correctly to an IP but when I use a name here, it gives me the Cookie error I mentioned above. Even with all cookie settings as open as I can make them and on lowest security zone.
So, basically I have 2 options:
Use name in the URL - does not work, stops me dead with cookie error.
Use IP address or local host in URL - Gives Certificate error (which makes sense I suppose as the cert is issued to a machine name, not an IP). If I click past the error message I can get in this way - just more of an annoyance.
many thanks
I would actually recommend that you uninstall and reinstall VMware server specifying the fully qualified domain name for you host machine. I have seen lots of issues trying to use the short name
ASKER
that might well be the solution. Dont really want to have to do that as I have several Production VMs on there an no other Host to move them to. If nothing else comes up i may try that.
thanks
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bgoering, you are a star!
That did it. No more annoying warnings and errors to click through :)
Didn't see this anywhere on the net, so its a great find.
Thank you very much and hope you have a great rest of the day.
That did it. No more annoying warnings and errors to click through :)
Didn't see this anywhere on the net, so its a great find.
Thank you very much and hope you have a great rest of the day.
ASKER
excellent troubleshooting by bgoering.
Glad it took care of your problem - but remember those configuration items are there as a default for a reason. I might recommend that you, at your earliest convenience, reinstall with the host.domain.tld machine name - that will allow you to turn off the last change under advanced. And that you configure your VMware server url to be in a trusted zone, and change the setting for prompting for client certificate only in the trusted zone and if you changed Internet zone return it to the defaults.
Good Luck
Good Luck
ASKER
good point bgoering. I didn't need to change the trusted zones at all in the end, just those cehckmarks in Tools, Advanced that you suggested which really just removes the warning messages rather than making anything less secure, so we should be good :)
Appreciated the help today as I'm trying to do 20 things at once here and this saves me time on the VmWare side of things. On to Exchange and ArcServe issues next :)
Appreciated the help today as I'm trying to do 20 things at once here and this saves me time on the VmWare side of things. On to Exchange and ArcServe issues next :)
"To fix this properly you need to import the vmware certificate "rui.crt" into your web browsers "trusted root certificate authorities" so that your web browser knows to trust this certificate.
1.Find the certificate file (rui.crt) on your server. On my installation its in /etc/vmware/ssl.
2.Copy this file to somewhere you can access on your windows client machine.
3.On your windows client machine double click on the rui.crt file.
4.When you are given the choice on where to place the certificate DO NOT allow windows to automatically select the certificate store. (it won't place it somewhere where it validates on its own...)
5.For the certificate store, select "Trusted Root Certification Authorities"
6.Complete the installation wizard.
Open a new browser window and retry."