Script to add vSphere 6.5 VMCA Root Certificate to Trusted Certs Store

When running vSphere 6.5 deployments in default (recommended) mode, VMware Certificate Authority is its own root certificate authority. Everything fine and secure with this configuration, but your browser displays a warning because the root certificate is not trusted.

I made a little script (VBS) that pulls the CA certificate from a vCenter Server or Platform Services Controller and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.

Just save the source to a file with a .vbs extension, or download the .zip package which includes the file. The script asks for the vCenter FQDN, pulls the certificate archive, extracts it and adds the certificate to the local root store.

The script is configured to elevate permissions. When UAC is enabled, it asks for permission.

Supported OS

  • Windows 7
  • Windows 8
  • Windows 10

Download: add-vcenter65-root-ca.vbs
Source: GitHub


  1. Why wouldn't you make vmware a subordinate CA?

  2. I receive an error when attempting to use this vbs script:

    Line: 34
    Char: 3
    Error: Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
    Code: 800A0BB9
    Source: ADODB.Stream

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>