In one of our earlier posts, we have seen what Root Certificates are.There may be times, when some companies or users may feel the need to manage and configure Trusted Root Certificates, so as to prevent other users in the domain from configuring their own set.Hopefully this guide will help you avoid those pitfalls.Firstly let me explain the small lab environment I will use.My question is ¿where I can find the latest version of this list of trusted certificated? file to another machine, open the file and install the desired certs from it.The article at https://netflex.nl/automatische-ca-root-updates-op-windows/ suggests that you download the root certificates with rootsupd.exe, available at When opening the file in Certmgr I'm able to see all the certs, I can then add any that I need (to install Visual Studio 2015 on an offline Windows 7 box, I needed the "Microsoft Root Certificate Authority 2010" and "Microsoft Root Certificate Authority 2011") by double clicking to open them, then clicking the install button.
Review https://kb.vmware.com/kb/2112009 and perform the steps outlines in the sections ‘Creating a new template for v Sphere 6.0 to use for VMCA as a Subordinate CA’ and also ‘Adding a new template to certificate templates’ SSH to the Platform Services Controller (or v Center Server if using VC w/ Embedded PSC) Enable the BASH shell and set it to the default shell (we’ll need that when uploading the new certificate files) 2. Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates. The certificate-manager will ask a question about generating all certificates using configuration files. Provide the [email protected] credentials 5. Next we will be asked to configure the configuration file for MACHINE_SSL_CERT.In v Sphere 6.0 the VMCA (VMware Certificate Authority) was introduced.This is basically v Sphere’s own CA and it’s purpose is to simplify certificate generation and implementation in v Sphere, in conjunction with VECS (VMware Endpoint Certificate Store) While I do agree it does simplify the whole process, it’s not without its limitations and known issues.However, when I select "Automatically select the certificate store based on the type of certificate" it didn't put these in the trusted root.Instead I had to manually pick the certificate store and then select "Trusted Root Certification Authorities".