How to trust the VMware vCenter 5.5 self signed certificate for XenDesktop 7.5

The vCenter 5.5 installation creates a self-signed certificate. Best practice is to replace it with a certificate from an external trusted authority. But if you do not want to pay for a certificate, or just want to keep using the self-signed certificate, the following error pops up when adding vCenter as a host in XenDesktop:

Error id: XDDS:D883C098

Cannot connect to the VCenter server due to a certificate error. Make sure the appropriate certificates are installed on the VCenter server, and then install the appropriate certificates on the same machine that contains all the instances of the Host service.

Here’s how to fix it:

 

On the vCenter server, navigate to:
C:\ProgramData\VMware\VMware VirtualCenter\SSL

(I had to take ownership of the folder to view the content)

Copy the cacert.pem file to the XenDesktop 7.5 C:\ drive

Open an MMC console on the XenDesktop 7.5 host

Add the Certificates snap-in for the Computer account

Navigate to the Trusted Root Certification Authorities

Expand Certificates

Right click on Certificates, All Tasks and select Import

Click Next

Click on X.509… and select All Files

Navigate to C:\

Select the cacert.pem file

Click on Open

Leave the Trusted Root Certification Authorities store selected

Click Next

Click Finish

Successfully imported.

Repeat these steps for all your XenDesktop Controllers.

Check in the Certificates MMC whether the certificate was issued to an FQDN. If it was, you must enter the same FQDN in the XenDesktop 7.5 Host wizard.

To test if the certificate is valid, open the website: https://vCenterServer.domain/sdk

The certificate is valid if there is NO notification of an untrusted certificate.
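
The import and the check above can also be scripted, which helps when there are several Controllers. This is an added example, not part of the original post. It assumes the file was copied to C:\cacert.pem and uses vCenterServer.domain as a placeholder for the FQDN of your vCenter server.

```powershell
# Added example (not from the original post). Run elevated on each Controller.
$pemPath = 'C:\cacert.pem'          # assumed location of the file copied from vCenter
$vCenter = 'vCenterServer.domain'   # placeholder FQDN, replace with your own

# Load the PEM file and print its identity. Compare the thumbprint with the
# copy on the vCenter server before trusting it: a certificate placed in
# Trusted Root vouches for every certificate it has signed.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pemPath)
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)"
}

# Same result as the MMC import:
# Local Computer > Trusted Root Certification Authorities
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try     { $store.Add($cert) }
finally { $store.Close() }

if (-not (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")) {
    throw 'Import failed: certificate not found in LocalMachine\Root'
}

# Scripted equivalent of opening https://<vCenter>/sdk in a browser.
# SslStream uses the default Windows validation, so AuthenticateAsClient
# throws if the chain is not trusted or the name does not match $vCenter.
$tcp = New-Object System.Net.Sockets.TcpClient($vCenter, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($vCenter)
    "Trusted connection to $vCenter, server certificate: $($ssl.RemoteCertificate.Subject)"
}
finally {
    $tcp.Close()
}
```

If the last step fails with a name mismatch while the import succeeded, the value in `$vCenter` does not match the name in the server certificate, which is the same FQDN requirement the Host wizard has.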

 

Now, let’s add the vCenter as a Host in XenDesktop 7.5.

I use the Add Host in XenDesktop Studio but this could also be done using the initial installation.

Click on Hosting

Click on Add Connection and Resources

Make sure that you use the FQDN of the vCenter server, if this is also applied to the certificate.

Click Next

Now there is no error message displayed.

Click Finish

4 Responses to How to trust the VMware vCenter 5.5 self signed certificate for XenDesktop 7.5

  1. gulgul2006 says:

    This is a great article and I appreciate it. I have an issue however where there is no cacert.pem in that folder you specify. In the vsphere webclient folder however there is. Importing that cert makes no difference but I am having this EXACT same issue.
    Hopefully (Xen 7.6) someone either in Citrix or in the community at large will figure this out.

  2. riff says:

    Spent around 1 hour and followed around 10 articles. Nothing worked. These instructions worked smoothly. Thanks mate 🙂

  3. Spunkyknight says:

    Thanks this totally solved my issue! Do a search for the cacert.pem file if you can’t find it. My path was a little different too since I installed the vmware SSO. But I found it. Everything else was spot on. Thanks again!
