Skip to content

Script to add vSphere 6 VMCA Root Certificate to Trusted Certs Store

When running vSphere 6 deployments in default (recommended) mode, VMware Certificate Authority is its own root certificate authority. Everything fine and secure with this configuration, but your browser displays a warning because the root certificate is not trusted.

I've written a little script (VBS) that pulls the CA certificate from a vCenter Server and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.

Just save the source to a file with a .vbs extension, or download the .zip package which includes the file. The script asks vor the vCenter FQDN, pulls the certificate archive, unzips it and adds the certificate to the local root store.

Note: Adding certificates to the root store requires administrative permissions.

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objApp = CreateObject("Shell.Application")
Set objShell = CreateObject("WScript.Shell")

dim vCenterName
vCenterName = inputbox("Add vSphere 6.0 PSC trusted root CA certificates to the local certificate store. Please enter vCenter Server Address (eg.", "Enter vCenter Server URL", "")
if vCenterName = "" then
end if

CaCert = "./" & vCenterName & ""
CaDir = "./" & vCenterName & "-cacert/"
Set newDIR = objFSO.CreateFolder( CaDir )

dim xHttp: Set xHttp = createobject("MSXML2.ServerXMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", "https://" & vCenterName & "/certs/download", False
with bStrm
 .type = 1
 .write xHttp.responseBody
 .savetofile CaCert, 2
end with
Set unzip=objApp.NameSpace(objFSO.GetAbsolutePathName(CaCert)).Items()
objApp.NameSpace(objFSO.GetAbsolutePathName(CaDir)).copyHere unzip, 16

CertFolder = CaDir & "certs/"
Set objFolder = objFSO.GetFolder(CertFolder)
Set colFiles = objFolder.Files
For Each objFile in colFiles "certutil.exe -addstore Root "& CertFolder & objFile.Name 

If you don't want to use the script, you can also follow the instructions in KB2108294 which explains the same procedure.

Leave a Reply

Your email address will not be published. Required fields are marked *