VCenter SSL certificate error through IE

I recently tried to run Dell’s DPACK tool to monitor IOPs of our SAN through VCenter, but it would not connect.  A bit of reading lead me to discover that Internet Explorer was rejecting the SSL certificate, as it was only 512 bits and considered insufficient(!).  Since the DPACK tool uses the IE libraries to connect to VCenter, this too was failing.

The issue only affects systems that were upgraded from vmWare vSphere 4.0, because from a 4.1 clean install, the bit length was greater on the default self-signed certificates.  The process for upgrading the SSL certificate on the vSphere hosts is a long and complex one.  Although not ideal, my resolution was to uninstall the Windows patch KB2661254 and this allows Dell’s tool to run.

Removing the Windows Update can either be achieved through the Control Panel GUI, or by using the following command line instruction:

wusa /uninstall /kb:2661254 /norestart

Posted under: Browsers, Internet Explorer 9, vmWare vSphere

One comment

  • pieterjan.heyse on September 10, 2013 at 9:10 am said:

    You can also, on a temporary basis, lower the allowed SSL cert length to 512 bits. To do that, use this command: certutil -setreg chain\minRSAPubKeyBitLength 512

Leave a Reply