Export Machine SSL Embedded Private Key From vCenter

This quick post demonstrates how to export the Machine SSL embedded Private key from your vCenter Server Appliance (VCSA). If you replaced the default Machine SSL certificate on your vCenter where the CSR was generated from the vCenter Server, the private key would be embedded in the vCenter Appliance certificate store. If you need to…

Continue Reading

Remove certificates with weak signature algorithms in vCenter Server

During the vCenter Server 8.0 upgrade, I was faced with the following Pre-upgrade check error and wasn’t able to continue the upgrade. As of vCenter Server 8.0, certificates with SHA-1 signature algorithms are no longer supported and must be removed or replaced with a certificate that uses SHA-2 signature algorithm. In this post, I’ll show…

Continue Reading

Launch vCenter VCSA UI/CLI Installer on MacOS

MacOS from Catalina onwards, a security change prevents non notarized apps from running. To get around this, you need to exclude the VCSA Installer from the MacOS Security Gatekeeper by removing the metadata quarantine attribute “com.apple.quarantine” for the VCSA ISO. Before mounting the ISO, open Terminal and run the following command Now you may mount…

Continue Reading

Invalid vCenter Cert using macOS Catalina and Chrome

I had redeployed my home lab vCenter appliance, and upon attempting to access the vCenter UI, I was denied access and encountered the following error “NET::ERR_CERT_INVALID“ Details in the Error vc.virtuallywired.io normally uses encryption to protect your information. When Google Chrome tried to connect to vc.virtuallywired.io this time, the website sent back unusual and incorrect…

Continue Reading

Install Free SSL Certificate for vSphere 7 Home Lab

Last year I wrote the follow guide Install Free Let’s Encrypt SSL Certificate for your vCenter 6.7 Lab. The certificate was issued by Let’s Encrypt via a project called ZeroSSL. Recently ZeroSSL stopped using Let’s Encrypt, and started issuing the certificates themselves, therefore the process to generate the certificate outlined in that guide is no…

Continue Reading

Fix Error, You cannot visit site right now because the website uses HSTS

I faced this error on Chrome. You cannot visit “site” right now because the website uses HSTS. The HTTP Strict-Transport-Security response header (HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP, therefore, preventing access. I received this error because I had accessed this URL previously…

Continue Reading

Converge External PSC to Embedded with vCenter Enhanced Linked Mode Configured

VMware announced the deprecation of the External Platform Services Controller. vCenter Enhanced Linked Mode was only supported with the External PSC (Platform Services Controller) deployment architecture. With the release of 6.7, VMware announced a simplified vCenter SSO (Single Sign-On) domain architecture by enabling vCenter Enhanced Linked Mode support for the vCenter Server Appliance with embedded…

Continue Reading

vCenter 6.7 U3 Upgrade Has Limited Deployment Size options with Snapshots

I encountered an interesting issue while attempting to upgrade a vCenter 6.5 Update 2 appliance to 6.7 Update 3. I started by mounting the 6.7U3 iso, executing the installer and selecting the upgrade option. The first step was to connect to the source vCenter appliance that I was upgrading and the vCenter that was managing…

Continue Reading