Obtain vSphere Certificate Thumbprints
If your vSphere environment uses untrusted, self-signed certificates to authenticate connections, you must specify the thumbprint of the vCenter Server or ESXi host certificate in all vic-machine
commands to deploy and manage virtual container hosts (VCHs). If your vSphere environment uses trusted certificates that are signed by a known Certificate Authority (CA), you do not need to specify the --thumbprint
option. You can set the thumbprint as an environment variable. For information about setting vic-machine
environment variables, see Set Environment Variables for Common vic-machine
Options.
If you deploy VCHs from the vSphere Client, the Create Virtual Container Host wizard obtains the thumbprint automatically. However, you might still need to obtain the thumbprint for use in other vic-machine
commands, for example vic-machine update firewall
or vic-machine configure
.
You can use either SSH and OpenSSL or the Platform Services Controller to obtain certificate thumbprints, either before you run vic-machine
commands, or to confirm that a thumbprint in an error message is valid.
vCenter Server Appliance or ESXi Host
You can use SSH and OpenSSL to obtain the certificate thumbprint for a vCenter Server Appliance instance or an ESXi host.
- Use SSH to connect to the vCenter Server Appliance or ESXi host as
root
user.$ ssh root@vcsa_or_esxi_host_address
Use
openssl
to view the certificate fingerprint.- vCenter Server Appliance:
openssl x509 -in /etc/vmware-vpx/ssl/rui.crt -fingerprint -sha1 -noout
- ESXi host:
openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
- vCenter Server Appliance:
- Copy the certificate thumbprint for use in the
--thumbprint
option ofvic-machine
commands or to set it as an environment variable.
Platform Services Controller
You can obtain a vCenter Server certificate thumbprint by logging into the Platform Services Controller for that vCenter Server instance.
Log in to the Platform Services Controller interface.
- Embedded Platform Services Controller: https://vcenter_server_address/psc
- Standalone Platform Services Controller: https://psc_address/psc
Select Certificate Management and enter a vCenter Single Sign-On password.
- Select Machine Certificates, select a certificate, and click Show Details.
- Copy the thumbprint for use in the
--thumbprint
option ofvic-machine
commands or to set it as an environment variable.