Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration

This post was originally published on this site

After installation of new version of VMware PowerCli module on one of my deployment at client infrastructure. I tried testing it by using cmdlet connect-viserver to vcenter, which was failing with below error. Reading error carefully on the screen, which was telling me, my vcenter’s SSL certificate is not trusted or self-signed, also The error gives resolution it self what needs to be done next.

connect-viserver : 8/9/2019 10:02:27 AM Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server.
Once or to add a permanent exception for this server. Additional Information: Could not establish trust relationship for the SSL/TLS secure channle with authority ‘192.168.34.21’. At line:1 char:1
+ connect-viserver
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], VISecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.VICore. # Cmdlets.Commands.ConnectVIServer

vmware-vsphere-powercli-automation-module-connect-viserver-Set-PowerCLIConfiguration-InvalidCertificateAction-trust-relationshif-for-ssl-tls-solved.png

The correct response to resolve this issue is by replacing vCenter certificate to trusted CA signed certificate or add root chain certificate. But in case replacing SSL certificate option is not available to you, this issue can be resolved using another option using cmdlet Get-PowerCLIConfigurationAfter running it, it shows the setting of how it will treat InvalidCertificateAction, default setting is Unset which means undefined.

Get-PowerCLIConfiguration-InvalidCertificateAction-vmware-vsphere-powercli-module-7-set-powercliconfiguration-proxypolicy-scope-allusers-proxypolicy.png

Using below cmdlet it allows to connect to vCenter with Invalid certificate (self-signed certificate or invalid cert) but shows with certificate warning.
Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction warn

Set-PowerCLICOnfiguration-Scope-User-InvalidCertificateAction-Warn-vmware-powercli-automation-proxy-policy-defaultviserver.png

Once cmdlet Connect-VIServer with vCenter fqdn or IP is invoked, it shows the certificate contents and connection is successful with invalid certificate.

vmware-vsphere-powercli-connect-viserver-x509-module-root-certificate-self-signed-certificate-online-certificate-revocation-list-CRL.png

Useful Articles
Resolved: HP ILO this page cannot be displayed ERR_SSL_BAD_RECORD_MAC_ALERT
Reset/Restart HP ILO (Integrated Lights-outs) using putty
Reset HP ILO password from Esxi server
ESXi HP Blade start issue Enclosure power event detected, System Halted until power condition is corrected
Esxi update individual component firmware on HP hardware: disk degraded not authenticated

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.