Script to add vSphere 6.5 VMCA Root Certificate to Trusted Certs Store

When running vSphere 6.5 deployments in the default (recommended) mode, the VMware Certificate Authority (VMCA) acts as its own root certificate authority. This configuration is fine and secure, but your browser displays a warning because the root certificate is not trusted.

I made a little script (VBS) that pulls the CA certificate from a vCenter Server or Platform Services Controller and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.

Just save the source to a file with a .vbs extension, or download the .zip package which includes the file. The script asks for the vCenter FQDN, pulls the certificate archive, extracts it and adds the certificate to the local root store.

The script is configured to elevate permissions. When UAC is enabled, it asks for permission.
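
An added example, not the author's script: a certificate placed in the trusted root store is trusted for every site, so it is worth confirming that the file extracted from the archive really is your VMCA root before importing it. The PowerShell below assumes the certificate has already been extracted to a file and that its SHA-256 fingerprint was obtained out of band; the parameter names and the choice of the LocalMachine store are assumptions.

```powershell
# Added example (not the original VBS script): vet an extracted VMCA root before trusting it.
# Run elevated. Parameter names and the LocalMachine store choice are assumptions.
param(
    [Parameter(Mandatory = $true)] [string] $CertPath,       # certificate file extracted from the archive
    [Parameter(Mandatory = $true)] [string] $ExpectedSha256  # fingerprint obtained out of band
)
$ErrorActionPreference = 'Stop'

$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# SHA-256 over the DER encoding, computed by hand so it also works on older .NET versions.
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$problems = @()
if ($actual -ne $expected) { $problems += "fingerprint mismatch, file has $actual" }
if ($cert.Subject -ne $cert.Issuer) { $problems += 'subject and issuer differ, so this is not a root' }
$bc = $cert.Extensions['2.5.29.19']   # basicConstraints
if (-not $bc -or -not $bc.CertificateAuthority) { $problems += 'basicConstraints does not mark it as a CA' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside its validity period' }

"Subject : $($cert.Subject)"
"Valid   : $($cert.NotBefore) to $($cert.NotAfter)"
"SHA-256 : $actual"

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Certificate not imported.'
}

# Only a certificate that passed every check reaches the machine-wide root store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList `
    ([System.Security.Cryptography.X509Certificates.StoreName]::Root),
    ([System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try { $store.Add($cert) } finally { $store.Close() }
'Added to LocalMachine\Root.'
```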

Supported OS

  • Windows 7
  • Windows 8
  • Windows 10

Download: add-vcenter65-root-ca.vbs
Source: GitHub


  1. Why wouldn't you make vmware a subordinate CA?

  2. I receive an error when attempting to use this vbs script:

    Line: 34
    Char: 3
    Error: Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
    Code: 800A0BB9
    Source: ADODB.Stream

  3. This is a fantastic piece of work, worked great for me in a non-domain home lab, for Chrome and Edge on Windows 10. FYI, Firefox still whines a little, "This website does not supply ownership information."

    Thank you so much for sharing this easier-than-ever way to get it done! Next step, certificate warnings for ESXi Embedded Host Client...
