Posted by: Rick Vanover
Rick Vanover, VI3, Virtualization
When logging into the VMware Infrastructure Client (VIC) or using the web interface to the VirtualCenter server, you are presented with a certificate message. Best practice or not, I usually accept the certificate and instruct the software to not ask me again about this topic. I have just completed end-to-end testing of VirtualCenter 2.5 update 1 and ESX 3.5 update 1, however, and noticed something about the certificate store for VirtualCenter.
The VirtualCenter certificate store is valid for two years from the date of initial installation. Since this instance of VirtualCenter was installed, I have upgraded to version 2.5 base release and, most recently, to the version 2.5 update 1. But neither installation updated the certificate. Below are the details of my test certificate:
The good news is that you now know about this issue. The bad news is that you better correct it before the two year anniversary of your installation of VirtualCenter as it is required to process logins. VMware has a comprehensive PDF that outlines the certificate procedures for VirtualCenter and the ESX hosts. The ESX hosts, however, have a much longer lifespan for the local certificate, around 20 years, and do not exhibit this behavior. The VMware server certificate documentation is available for download from the VMware website.