Browser-Based Certificate Login

If you deployed the VCH with client and server authentication by using --tls-cname or by specifying a static IP address on the client network, you can use browser-based certificate authentication to access the VCH Admin Portal. In this way, you do not need to provide the vSphere credentials each time that you log in to VCH Admin.


  • You deployed a VCH with --tls-cname or a static IP address for the VCH on the client network.
  • Use Firefox. Currently, this feature is only supported with Firefox.
  • Locate the file named cert.pfx on the system on which you ran vic-machine create. The cert.pfx is located in either of the following locations:

    • In the folder with the same name as the VCH, in the directory from which you ran vic-machine create.
    • In a folder that you specified in the vic-machine create --tls-cert-path option.


  1. In Firefox, select Tools > Options and select Advanced.
  2. Click View Certificates.
  3. Click Import.
  4. Browse to the cert.pfx file and click Open.
  5. Click OK.

    Do not enter a password when prompted.


You see a message stating that the certificate was successfully installed. With the VCH certificate installed in your browser, you can navigate to https://vch_address:2378/ or to one of the log pages without having to enter the vSphere credentials.

results matching ""

    No results matching ""