vCheck – Could not establish trust relationship for the SSL/TLS secure channel

Firstly, if you are not using vCheck in your vSphere environment, hop on over to Alan Renouf’s blog where you will find vCheck – a community driven free set of PowerCLI vSphere environment checks that will generate a nice report (now with the new Clarity html5 client theme!) to be emailed out to you before you reach the office each morning. It is not a replacement for proper monitoring but provides a level of insight you won’t get elsewhere and I swear by it to get a head’s up on potential issues before they have a chance to become catastrophies.
I have recently been finding when running vCheck that several checks would return the error

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

After much troubleshooting I discovered this was down to certificate trust.  In order to resolve this issue:

Download the vCenter certificates

Browse to your vcenter address over https:  Https://vcenter.domain.com and on the bottom right, click Download Trusted Root CA Certificates
vcenter.PNG
 
You’ll get a .zip file with the certificates. Unzip, and if on windows browse to /certs/win and grab the CRT that has a corresponding CRL.
Import this certificate via whatever method is used on your OS of choice. On Windows for example Internet Options > Content > Certificates > Trusted Root Certification Authorities.
Click Import, the CA should be named CA. If it is named ssoserver, you’ve grabbed the wrong cert.
Once imported, vCheck should now be running without errors!

Leave a Reply

Your email address will not be published. Required fields are marked *