vCheck – Could not establish trust relationship for the SSL/TLS secure channel

Firstly, if you are not using vCheck in your vSphere environment, hop on over to Alan Renouf’s blog where you will find vCheck – a community driven free set of PowerCLI vSphere environment checks that will generate a nice report (now with the new Clarity html5 client theme!) to be emailed out to you before you reach the office each morning. It is not a replacement for proper monitoring but provides a level of insight you won’t get elsewhere and I swear by it to get a head’s up on potential issues before they have a chance to become catastrophies.

I have recently been finding when running vCheck that several checks would return the error

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

After much troubleshooting I discovered this was down to certificate trust.  In order to resolve this issue:

Download the vCenter certificates

Browse to your vcenter address over https:  Https:// and on the bottom right, click Download Trusted Root CA Certificates



You’ll get a .zip file with the certificates. Unzip, and if on windows browse to /certs/win and grab the CRT that has a corresponding CRL.

Import this certificate via whatever method is used on your OS of choice. On Windows for example Internet Options > Content > Certificates > Trusted Root Certification Authorities.

Click Import, the CA should be named CA. If it is named ssoserver, you’ve grabbed the wrong cert.

Once imported, vCheck should now be running without errors!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s