Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Certificate Error every time I launch VMWare Server 2.0.1 in browser

Posted on 2010-09-07
15
Medium Priority
?
1,941 Views
Last Modified: 2012-05-10
every time I launch the browser on the server for VMWare Server 2.0.1 (VmWare infrastructure Web Access 2.0.0) a Certificate Error appears in the browser. If I add the Cert as requested, and restart the browser, it still gives me the same error.
Any ideas how to get round this?
I can eventually run WMWare but it needs several clicks through the certificate menus (which are blank and show no cert in the dropdown list).
thanks
0
Comment
Question by:stack888
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
15 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 33623196
Take a look at http://serverfault.com/questions/4258/vmware-infrastructure-web-access-certificate-problem

"To fix this properly you need to import the vmware certificate "rui.crt" into your web browsers "trusted root certificate authorities" so that your web browser knows to trust this certificate.

1.Find the certificate file (rui.crt) on your server. On my installation its in /etc/vmware/ssl.
2.Copy this file to somewhere you can access on your windows client machine.
3.On your windows client machine double click on the rui.crt file.
4.When you are given the choice on where to place the certificate DO NOT allow windows to automatically select the certificate store. (it won't place it somewhere where it validates on its own...)
5.For the certificate store, select "Trusted Root Certification Authorities"
6.Complete the installation wizard.
Open a new browser window and retry."
0
 
LVL 23

Expert Comment

by:bhanukir7
ID: 33623199
hi Stack,

you can search for the rui.cert in the vmware server install location normally "C:\Program Files (x86)\VMware\VMware Server\SSL" and install the certification.

as step by step is given in this blog.

http://jeffmcarthur.blogspot.com/2010/08/fixing-certificate-error-problem-with.html

regards
bhanu
0
 
LVL 2

Author Comment

by:stack888
ID: 33629799
hi guys, I followed the steps, installed the Cert but this does not fix the problem.
I also added the website to the list of Trusted sites.

I still see the same problem when I open a Brower -

1. It pops up with 'Choose a digital certificate' and the dropdown box is blank.
2. I click 'cancel'  and it says 'There is a problem with this website's security certificate'
3. I click 'continue to this website(not recommended)'
4. The same empty dialogue box with 'Choose a digital certificate' is displayed.
5. I click 'cancel' again and a Certificate Error appears at top of screen but it finally lets me get to log in page for VMWare.

There must be a way to fix this.

thanks
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 2

Author Comment

by:stack888
ID: 33630037
Another update - if I change the url to use the SERVERNAME instead of the IP Address, the error changes to: "vmware infrastructure web access will not work unless your browser supports cookies"

Even if I override cookie settings in IE8 and accept all cookies and also put on LOW security zone, it still shows the same Cookie error. (not that I'd want to have this low a setting anyway, but just for a test).

When I google this error, people suggest the solution is to change the link to have the IP ADDRESS in it instead of servername and then we're back to my ORIGINAL problem! Aaarrggh!!
Oh, the joys of VMWare  :)
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33630160
If you are using Internet Explore there is a way to suppress that dialog. Go into Tools - Internet Options - then click the Security Tab. Select the zone you fall in when accessing your VMware Server 2.0 Web Management, then click the button for custom level.

Scroll down until you see the selection for "Don't prompt for  client certificate selection when no certificates ..." and set that to "Enable" (See attached image)

Presto those nasty prompts should disappear.

Good Luck
Don-tPromptCertificate.jpg
0
 
LVL 2

Author Comment

by:stack888
ID: 33630211
bgoering, thanks for that. It got rid of half the errors!
Now, I still get :
'There is a problem with this website's security certificate'
and I click continue and it brings me to the login screen.

So, yes, a lot better as its a faster process for me to login now, but still getting Cert errors, which I dont understand as it installs ok when I walk through the process of applying it into "Trusted Root Certification Authorities".

0
 
LVL 28

Expert Comment

by:bgoering
ID: 33630390
You will need to use the servername instead of IP address and install the rui.crt as mentioned earlier. When I install the certificate the dialog will show an "Issued to" line, that line is what it expects the server name to be.. It may be just a shortName, or in the format host.domain.tld. When your browse to the web access it will need to be of the form:

https://host.domain.tld:8333/ui/#
or
https://serverName:8333/ui/#

If for some reason the name is incorrect and won't resolve to an IP address then either create a hosts entry for the name, or uninstall and reinstall VMware Server 2.x specifying the proper host.domain.tld at installation time.

When I do the install certificate I enter the dialog, click Next, select Place all certificates in the following store radio button and click Browse. Select the Trusted Root Certification Authorities and the checkbox to Show physical stores. Expand Trusted Root Certification Authorities and select Registry and Click OK/Next until out of the Wizard.

The key thing is the name the certificate is Issued to must match the name you are browsing to in order to get rid of your remaining extra click.

Good Luck
0
 
LVL 2

Author Comment

by:stack888
ID: 33630460
Hi bgoering, thanks for the reply.
I've already followed that exact process - to install the certificate. It seems to go through fine and it shows the path as being valid.

I type in exactly this:

https://SERVERNAME:8333/ui/#

where the SERVERNAME does resolve correctly to an IP but when I use a name here, it gives me the Cookie error I mentioned above. Even with all cookie settings as open as I can make them and on lowest security zone.

So, basically I have 2 options:

Use name in the URL - does not work, stops me dead with cookie error.

Use IP address or local host in URL - Gives Certificate error (which makes sense I suppose as the cert is issued to a machine name, not an IP). If I click past the error message I can get in this way - just more of an annoyance.

many thanks
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33630556
I would actually recommend that you uninstall and reinstall VMware server specifying the fully qualified domain name for you host machine. I have seen lots of issues trying to use the short name
0
 
LVL 2

Author Comment

by:stack888
ID: 33630593
that might well be the solution. Dont really want to have to do that as I have several Production VMs on there an no other Host to move them to. If nothing else comes up i may try that.
thanks
0
 
LVL 28

Accepted Solution

by:
bgoering earned 2000 total points
ID: 33631047
I did find another workaround for you. Go to Tools, Internet Options, Advanced tab.

Close to the bottom there is a check box for Warn for Certrificate Address Mismatch - uncheck it and restart IE.

You should be able to access again by IP address and hopefully not get any errors provided your rui.crt is installed.

Good Luck
0
 
LVL 2

Author Comment

by:stack888
ID: 33631176
bgoering, you are a star!
That did it. No more annoying warnings and errors to click through :)
Didn't see this anywhere on the net, so its a great find.
Thank you very much and hope you have a great rest of the day.
0
 
LVL 2

Author Closing Comment

by:stack888
ID: 33631186
excellent troubleshooting by bgoering.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33631448
Glad it took care of your problem - but remember those configuration items are there as a default for a reason. I might recommend that you, at your earliest convenience, reinstall with the host.domain.tld machine name - that will allow you to turn off the last change under advanced. And that you configure your VMware server url to be in a trusted zone, and change the setting for prompting for client certificate only in the trusted zone and if you changed Internet zone return it to the defaults.

Good Luck
0
 
LVL 2

Author Comment

by:stack888
ID: 33631828
good point bgoering. I didn't need to change the trusted zones at all in the end, just those cehckmarks in Tools, Advanced that you suggested which really just removes the warning messages rather than making anything less secure, so we should be good :)
Appreciated the help today as I'm trying to do 20 things at once here and this saves me time on the VmWare side of things. On to Exchange and ArcServe issues next :)
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Check out what's been happening in the Experts Exchange community.
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question