As part of my Automation Framework I automatically download and install the VMware VCSA certificate to the proper location to prevent the annoying certificate error message.
This works with all browsers, whether you connect using an IP address or the FQDN.
I’m getting all my configuration from a central Settings.xml, but you can just delete lines 9 & 10 and set your VCSA information at line 12 ($vCenter).
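# Determine where to do the logging
$logPS = "C:\Windows\Temp\Import Certificate VCSA.log"

Write-Verbose "Setting Arguments" -Verbose
$StartDTM = (Get-Date)

Start-Transcript $LogPS

$MyConfigFileloc = ("$env:Settings\Applications\Settings.xml")
[xml]$MyConfigFile = (Get-Content $MyConfigFileLoc)

$VCenter = $MyConfigFile.Settings.VMware.VCenter
$VCenterSDK = "https://" + "$VCenter" + "/sdk"
$uri = "https://" + "$VCenter" + "/certs/download.zip"
# Built from SystemRoot so it matches the download/extract location used below.
$certpath = "${env:SystemRoot}\Temp\certs\win"

# Optional allow-list of certificate thumbprints (upper-case hex, no spaces),
# obtained out-of-band, e.g. from the VCSA console. The download below cannot
# be authenticated by TLS (validation is switched off for it), so whatever that
# endpoint returns would otherwise become a trusted root on this machine.
# Empty list = import every certificate found, and only log the thumbprints.
$ExpectedThumbprints = @()

# Remember the session's TLS settings so the bypass below can be undone.
$PreviousProtocol = [System.Net.ServicePointManager]::SecurityProtocol
$PreviousPolicy = [System.Net.ServicePointManager]::CertificatePolicy

try {
    # Could not establish trust relationship for the SSL/TLS Secure Channel – Invoke-WebRequest
    # Add-Type fails if the type already exists, so only define it once per session.
    if (-not ('TrustAllCertsPolicy' -as [type])) {
        Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
    }

    # Download and Extract Certificate
    $PackageName = $uri.Substring($uri.LastIndexOf("/") + 1)
    $PackagePath = "${env:SystemRoot}\Temp\$PackageName"

    try {
        # SSL 3.0 is no longer offered; use Tls12 alone if the VCSA supports it.
        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12'
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
        Invoke-WebRequest -Uri $uri -OutFile $PackagePath -UseBasicParsing -ErrorAction Stop
    }
    finally {
        # The trust-all policy is process-wide: restore the previous settings so
        # later requests in this session validate certificates again.
        [System.Net.ServicePointManager]::CertificatePolicy = $PreviousPolicy
        [System.Net.ServicePointManager]::SecurityProtocol = $PreviousProtocol
    }

    # Start from an empty extraction folder: .crt files left there by an earlier
    # run or by another process would otherwise be imported as trusted roots too.
    $ExtractRoot = "${env:SystemRoot}\Temp\certs"
    if (Test-Path -LiteralPath $ExtractRoot) {
        Remove-Item -LiteralPath $ExtractRoot -Recurse -Force
    }
    Expand-Archive -Path $PackagePath -DestinationPath "${env:SystemRoot}\Temp" -Force

    # Find SSL certificates ending with .crt (the archive may contain several)
    $CertFiles = @(Get-ChildItem -LiteralPath $certpath -Recurse | Where-Object { $_.Extension -eq ".crt" })
    if ($CertFiles.Count -eq 0) {
        Write-Warning "No .crt files found under $certpath - nothing imported."
    }

    foreach ($CertFile in $CertFiles) {
        # Log subject and thumbprint to the transcript so the import can be audited.
        $Parsed = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile.FullName
        Write-Verbose "Found $($CertFile.Name): subject '$($Parsed.Subject)', thumbprint $($Parsed.Thumbprint)" -Verbose

        if ($ExpectedThumbprints.Count -gt 0 -and $ExpectedThumbprints -notcontains $Parsed.Thumbprint) {
            Write-Warning "Skipping $($CertFile.Name): thumbprint $($Parsed.Thumbprint) is not in the expected list."
            continue
        }

        # Import Certificate to Trusted Root and Trusted People.
        # FullName is used so files in sub-folders and paths with spaces resolve correctly.
        CERTUTIL -addstore -enterprise -f -v root $CertFile.FullName
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "certutil (root store) returned $LASTEXITCODE for $($CertFile.Name)"
        }
        CERTUTIL -addstore -f "TRUSTEDPEOPLE" $CertFile.FullName
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "certutil (TrustedPeople store) returned $LASTEXITCODE for $($CertFile.Name)"
        }
    }
}
finally {
    Write-Verbose "Stop logging" -Verbose
    $EndDTM = (Get-Date)
    Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
    Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
    Stop-Transcript
}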