After installation of new version of VMware PowerCli module on one of my deployment at client infrastructure. I tried testing it by using cmdlet connect-viserver to vcenter, which was failing with below error. Reading error carefully on the screen, which was telling me, my vcenter’s SSL certificate is not trusted or self-signed, also The error gives resolution it self what needs to be done next.
connect-viserver : 8/9/2019 10:02:27 AM Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server.
Once or to add a permanent exception for this server. Additional Information: Could not establish trust relationship for the SSL/TLS secure channle with authority ‘192.168.34.21’. At line:1 char:1
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], VISecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.VICore. # Cmdlets.Commands.ConnectVIServer
The correct response to resolve this issue is by replacing vCenter certificate to trusted CA signed certificate or add root chain certificate. But in case replacing SSL certificate option is not available to you, this issue can be resolved using another option using cmdlet Get-PowerCLIConfiguration, After running it, it shows the setting of how it will treat InvalidCertificateAction, default setting is Unset which means undefined.
Using below cmdlet it allows to connect to vCenter with Invalid certificate (self-signed certificate or invalid cert) but shows with certificate warning.
Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction warn
Once cmdlet Connect-VIServer with vCenter fqdn or IP is invoked, it shows the certificate contents and connection is successful with invalid certificate.