Using the default VMware vCenter certificate in XenDesktop

I ran into an error the other day while trying to set up XenDesktop with VMware vSphere 5.5 following the guide on blogs.citrix.com using the default VMware vCenter certificate.

I tried the first suggestion, where I was supposed to download the cacert.pem from “C:\ProgramData\VMware\VMware VirtualCenter\SSL” on the vCenter machine.
There was no such file there, so I went for a suggestion in the comment field of the article and tried to use the rui.crt. This did not help either.

Another option mentioned in this article was to download and install the certificate through IE (step 4 in http://support.citrix.com/proddocs/topic/xendesktop-7/cds-vmware-rho.html).

So I went to my Delivery Controller, which ran 2012R2 and IE11, connected to the vCenter address and received this message:

[Screenshot: vc1]

As you can see, there is no “Continue to this website” option, so I could not continue following the instructions.
After some research I found a KB article (KB 2661254) that explained that to reduce the risk of unauthorized exposure of sensitive information, Microsoft has released a nonsecurity update for all supported versions of Microsoft Windows. This update blocks cryptographic keys that are less than 1024 bits long.
Windows 8.x and Windows Server 2012(R2) already include the functionality to block the use of weak RSA keys that are less than 1024 bits long.

So to be able to continue to the site and download the certificate, I created the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config\
DWORD (32 bit) : MinRsaPubKeyBitLength
value : 512 (decimal)

[Screenshots: vc2, vc3]

After closing and opening IE I received the option to continue.

[Screenshot: vc4]

From here on it was just a matter of following the instructions in edocs (almost :) )

I have included the screenshots of the remaining process for you below.

[Screenshots: PreXD1 to PreXD9]

Remember to remove the registry key when you are done.
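
One way to check that the override is really gone afterwards, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the Delivery Controller; the `-Remove` switch and the function name are illustrative.

```powershell
# Added example: audit (and optionally remove) the temporary RSA key-length override.
# Run without arguments to report only; run with -Remove to delete the value.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # illustrative switch: delete the override instead of only reporting
)

$path    = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config'
$name    = 'MinRsaPubKeyBitLength'
$minBits = 1024   # keys shorter than this are blocked when no override is set (KB 2661254)

function Get-RsaMinKeyOverride {
    # Returns $null when the value is absent, i.e. the built-in minimum applies.
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

$current = Get-RsaMinKeyOverride
if ($null -eq $current) {
    Write-Output ('No {0} override present; RSA keys below {1} bits are blocked.' -f $name, $minBits)
    return
}

if ($current -lt $minBits) {
    Write-Warning ('{0} is set to {1}: RSA keys of {1} bits and up are accepted on this machine.' -f $name, $current)
} else {
    Write-Output ('{0} is set to {1} (not weaker than the default).' -f $name, $current)
}

if ($Remove -and $PSCmdlet.ShouldProcess("$path\$name", 'Remove registry value')) {
    # Only the single value is removed; the Config key may hold other settings.
    Remove-ItemProperty -LiteralPath $path -Name $name -ErrorAction Stop
    if ($null -eq (Get-RsaMinKeyOverride)) {
        Write-Output ('{0} removed; the {1}-bit minimum applies again.' -f $name, $minBits)
    } else {
        Write-Error ('{0} is still present after removal attempt.' -f $name)
    }
}
```

Running it with `-Remove -WhatIf` shows what would be deleted without changing the registry.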

 
