Obtain vSphere Certificate Thumbprints
If your vSphere environment uses untrusted, self-signed certificates to authenticate connections, you must specify the thumbprint of the vCenter Server or ESXi host certificate in all vic-machine commands to deploy and manage virtual container hosts (VCHs). If your vSphere environment uses trusted certificates that are signed by a known Certificate Authority (CA), you do not need to specify the --thumbprint option.
You can use either SSH and OpenSSL or the Platform Services Controller to obtain certificate thumbprints, either before you run vic-machine commands, or to confirm that a thumbprint in an error message is valid.
vCenter Server Appliance or ESXi Host
You can use SSH and OpenSSL to obtain the certificate thumbprint for a vCenter Server Appliance instance or an ESXi host.
- Use SSH to connect to the vCenter Server Appliance or ESXi host as root user.
  $ ssh root@vcsa_or_esxi_host_address
- Use openssl to view the certificate fingerprint.
  - vCenter Server Appliance:
    openssl x509 -in /etc/vmware-vpx/ssl/rui.crt -fingerprint -sha1 -noout
  - ESXi host:
    openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
- Copy the certificate thumbprint for use in the --thumbprint option of vic-machine commands.
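The script below is an added example, not part of the original documentation: it compares the SHA-1 thumbprint read from the certificate file on the host with a thumbprint copied from a vic-machine error message, ignoring differences in case, colons and the openssl output prefix. The function names and the script's argument order are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: function names and argument order are hypothetical.

# Reduce any common rendering of a SHA-1 thumbprint to openssl's form:
# 20 uppercase hex bytes separated by colons. Fails on anything else.
normalize_thumbprint() {
    # Drop an "...Fingerprint=" prefix, separators and whitespace; uppercase.
    hex=$(printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F')
    case "$hex" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    # A SHA-1 digest is exactly 40 hex characters.
    [ "${#hex}" -eq 40 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# Thumbprint of a PEM certificate file, for example /etc/vmware/ssl/rui.crt.
cert_thumbprint() {
    out=$(openssl x509 -in "$1" -fingerprint -sha1 -noout) || return 1
    normalize_thumbprint "$out"
}

# Exit 0 if equal, 1 if different, 2 if either value is malformed.
thumbprints_match() {
    a=$(normalize_thumbprint "$1") || return 2
    b=$(normalize_thumbprint "$2") || return 2
    [ "$a" = "$b" ]
}

# Usage: sh check_thumbprint.sh CERT_FILE 'THUMBPRINT_FROM_ERROR_MESSAGE'
if [ "$#" -eq 2 ]; then
    host_tp=$(cert_thumbprint "$1") || { echo "cannot read $1" >&2; exit 2; }
    if thumbprints_match "$host_tp" "$2"; then
        echo "match: $host_tp"
    else
        echo "MISMATCH: certificate on host has $host_tp" >&2
        exit 1
    fi
fi
```

Run it on the vCenter Server Appliance or ESXi host over the SSH session, so that the reference value comes from the certificate file itself rather than from the network connection being checked.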
Platform Services Controller
You can obtain a vCenter Server certificate thumbprint by logging into the Platform Services Controller for that vCenter Server instance.
- Log in to the Platform Services Controller interface.
  - Embedded Platform Services Controller: https://vcenter_server_address/psc
  - Standalone Platform Services Controller: https://psc_address/psc
- Select Certificate Management and enter a vCenter Single Sign-On password.
- Select Machine Certificates, select a certificate, and click Show Details.
- Copy the thumbprint for use in the --thumbprint option of vic-machine commands.