When trying to configure a VMware vCenter based hypervisor connection within Citrix Studio in order to gain access to its resources, i.e. attached storage, et al, and utilize either PVS and/or MCS for VM management, you might receive the following error in case a self-signed certificate is in place on the vCenter server:
“Cannot connect to the vCenter server due to a certificate error. Make sure that the appropiate certificates are installed on the vCenter server, and install the appropiate certificates on the following machines: <FQDN XD Controller>”
To remedy this issue you have to install the issuer’s certificate on the XD 7.x Controller within the Third-Party Root Certification Authorities certificate store. The corresponding certificate can be found on the Virtual Center Server under C:\ProgramData\VMware\VMware VirtualCenter\SSL and is usually named cacert.pem.
Note: for Windows Servers prior to 2008 the file location is C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL
Note: in case your vCenter Server is based on a Linux Appliance instead of Windows Server pls read this blog article.
In order to import it onto your XD 7.x Controller launch a MMC and add the Certificates snapin for your Local Computer and expand Third-Party Root Certification Authorities > Certificates.
With corresponding administrative privileges you can directly navigate to \\<FQDN of vCenter server>\C$\ProgramData\VMware\VMware VirtualCenter\SSL and select the required certificate; make sure you select All Files (*.*) to display pem file extensions as well:
Complete the Certificate Import Wizard:
Make sure to select the right certificate store by browsing to Third-Party Root Certification Authorities and click Next:
After that copy the newly imported certificate to the Trusted Root Certification Authorities certificate store as well:
Now you should be able to succesfully connect to your vCenter Server with Citrix Studio. Simply verify by navigating to your vCenter Server’s URL https://<FQDN of vCenter Server>/ with IE and make sure no certificate warnings show up:
Now connect Citrix Studio to https://<FQDN of vCenter Server>/sdk with appropiate administrative privileges:
- How to trust the VMware vCenter 5.5 self signed certificate for XenDesktop 7.5
- Citrix Blogs – Using the default VMware vCenter server certificate in XenDesktop POCs
- Citrix Discussions – Config Citrix Studio 7.5 > connection > VMware vSphere
- Error “Cannot connect to the vCenter server due to a certificate error” Appears During Host Connection