So you just completed your migration from an earlier version of vSphere to vSphere 6.5 (particularly the vCenter 6.5 Virtual Appliance). When you try to log in to the vSphere web client, you repeatedly receive the message “The VMware enhanced authentication plugin has updated it’s SSL certificate in Firefox. Please restart Firefox.” You’ll usually see 2 of these messages in a row on each page load.
You’ll also note that the “Enhanced Authentication Plugin” doesn’t function after the install (it won’t pull your Active Directory authentication information).
To resolve this:
Uninstall all vSphere plugins from your workstation. I went ahead and uninstalled all vSphere-related software on my workstation; this includes the deprecated vSphere C# client application, all authentication plugins, etc. These are all old.
Open up your web browser and point to your vCenter server (https://vCENTERSERVERNAME), and download the “Trusted root CA certificates” from VMCA (VMware certificate authority).
Download and extract the ZIP file. Navigate through the extracted contents to the Windows certs. These root CA certificates need to be installed to the “Trusted Root Certification Authorities” store on your system. Make sure you skip the “Certificate Revocation List” file, which ends in “.r0”.
To install them, right click, choose “Install Certificate”, choose “Local Machine”, yes to UAC prompt, then choose “Place all certificates in the following store”, browse, and select “Trusted Root Certification Authorities”, and finally finish. Repeat for each of the certificates. Your workstation will now “trust” all certificates issued by your VMware Certificate Authority (VMCA).
You can now re-open your web browser, download the “Enhanced Authentication Plugin” from your vCenter instance, and install it. After restarting your computer, the plugin should function and the messages will no longer appear.
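The certificate import from the steps above can also be scripted. The following PowerShell is an added example, not part of the original post; it prints each certificate's subject and thumbprint and asks before adding it to the machine's trusted roots. The ZIP path, the scratch folder and the .crt/.cer file extensions are assumptions, so adjust them to match your download.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Paths and file extensions are assumptions.
param(
    [string]$ZipPath    = "$env:USERPROFILE\Downloads\download.zip",  # assumed ZIP location
    [string]$ExtractDir = "$env:TEMP\vmca-roots"                      # assumed scratch folder
)

Expand-Archive -Path $ZipPath -DestinationPath $ExtractDir -Force

# Assumption: the Windows certificates carry a .crt (or .cer) extension.
# Filtering on extension also leaves out the Certificate Revocation List (".r0") file.
$certFiles = Get-ChildItem -Path $ExtractDir -Recurse -File |
    Where-Object { $_.Extension -in '.crt', '.cer' }

foreach ($file in $certFiles) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)

    # Show what is about to become a trusted root, so it can be checked
    # against your VMCA before the workstation starts trusting it.
    Write-Host "File:       $($file.Name)"
    Write-Host "Subject:    $($cert.Subject)"
    Write-Host "Issuer:     $($cert.Issuer)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"
    Write-Host "Expires:    $($cert.NotAfter)"

    if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
        Write-Host "Already in Trusted Root Certification Authorities, skipping.`n"
        continue
    }

    if ((Read-Host 'Install into Trusted Root Certification Authorities? (y/N)') -eq 'y') {
        Import-Certificate -FilePath $file.FullName -CertStoreLocation Cert:\LocalMachine\Root |
            Out-Null
        Write-Host "Installed.`n"
    } else {
        Write-Host "Skipped.`n"
    }
}
```

Run it from an elevated PowerShell 5 or later session; writing to the Local Machine store requires administrator rights, the same as the UAC prompt in the manual steps.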
Thanks so much for taking the time to post this! I was just struggling with this issue and wasn’t sure how to fix it. Our company relies on ESXi but we’re small enough so we don’t have whole server farms running it, or staff with formal VMware training. I’m the main person in charge of keeping our ESXi environment running and updated, but my experience comes from a previous job where I decided to hand-build a single server with the free version of the product, in order to virtualize a few old Windows servers that had become old and unreliable.
I really like the ESXi product, but at the same time I’m regularly frustrated by how difficult things can be which seem like they should be simple and straightforward. This was one such situation. Why didn’t the setup program for the plug-in handle all of this automatically and gracefully?
Hi Tom,
It’s unfortunate, but as with all technology and IT products, there will be bugs and hiccups along the way as the product gets used, upgrades come and go, and as issues arise in the environment.
This was a major release changing and upgrading to this version, so it’s expected that there will be problems with such a major change.
I consider this a minor problem (I’ve seen way worse), so all it takes is time to find out what’s going on and resolve it.
All upgrades should be scheduled and slowly rolled out.
It’s unfortunate, but as technology is designed to make our lives easier and allow us to do more, it brings with it new levels of complexity.
Cheers,
Stephen
Stephen,
Thanks for the tip. 2 seasoned IT and PLM professionals struggled with this for 1-1/2 days. But after getting Firefox installed (to use vs Chrome or IE as a test), we noticed that FF was working (unlike the other 2 browsers), until we installed the Enhanced authentication.
With this info my IT guy found your site. So even though we were not doing an upgrade or migration, the certs must have been corrupted, and this fixed them once and for all.
Thanks again
Bob Mills