If using the default VMCA certificates is chosen, then the root certificate should be retrieved and deployed as a trusted root certificate. While this is not a requirement, the annoying untrusted security notices would always appear when accessing the vSphere Web Client if not done. This is seen in the following screenshot:
This is a multistep process that will include retrieving the root certificate from vCenter Server, converting it to a .cer
format, and then deploying it as a trusted root certificate. Typically, the easiest way to do this is by using Group Policy.
To begin this process:
Open a web browser and navigate to the vCenter Server page:
<https://<vCenter FQDN>
.In the lower-right corner of the page, select the Download trusted root CA certificates link.
Selecting this link will prompt you to save the root certificate. Choose where to save and what to call the file. Ensure that the file is in a
.zip
format. Click on the Save button...