Using the default VMWare vCenter certificate in XenDesktop

I ran into an error the other day while trying to set up XenDesktop with VMWare vSphere 5.5 following the guide on using the default VMWare vCenter certificate.

I tried the first suggestion where I was supposed to download the cacert.pem from “C:\ProgramData\VMware\VMware VirtualCenter\SSL” on the vCenter machine.
There were no such file there so I went for a suggestion in the comment field in the article and tried to use the rui.crt. This did not help either.

Another option that were told in this article was to download and install the certificate through IE (step 4 in

So I went to my Delivery Controller that ran 2012R2 and IE11 and connected to the vCenter adress and received this message:


As you can see there is no “Continue to this website option”, so I could not continue following the instructions.
After some research I found a KB article (KB 2661254) that explained that to reduce the risk of unauthorized exposure of sensitive information, Microsoft has released a nonsecurity update for all supported versions of Microsoft Windows. This update blocks cryptographic keys that are less than 1024 bits long.
Windows 8.x and Windows Server 2012(R2) already include the functionality to block the use of weak RSA keys that are less than 1024 bits long.

So to be able to continue to the site and download the certificate I created the following registry key;
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config\
DWORD (32 bit) : MinRsaPubKeyBitLength
value : 512 (decimal)




After closing and opening IE I received the option to continue.


From here on there were just to follow the instructions in edocs ( almost  :) )

I have included the screenshots of the remaining process for you below.











Remember to remove the registry key when you are done.


No comments yet.

Leave a Comment

Blue Captcha Image