When creating Host and Resources connection in Citrix Studio, we get the error “Cannot connect to the vCenter server due to a certificate error”. The error message indicates that the XenDesktop is not able to connect to vCenter, because it does not trust the server certificate in use. Integrating XenDesktop with vSphere or vCenter needs SSL certificate for security purpose. But in lab and testing environment, we can follow the below process to make XenDesktop 7.1 Studio working with an HTTP connection to vCenter 5.1.
1. Download and install Putty.
2. Connect to vCenter and login.
3. Type in cd /etc/vmware-vpx through Putty to change the directory.
4. Type in vi proxy.xml to edit the xml file.
5. We need to change ALL instances of httpsWithRedirect to httpAndHttps.
6. Press Esc and then type in :wq to save changes in the xml file and quit.
7. Restart vCenter server.
8. Connect vCenter appliance using Internet Explorer.
9. Go to System tab, check the information and the time zone.
10. Now in Citrix Studio go to Hosting node and configure Connection and resources.
Also a simple solution to this challenge is to connect to vCenter using IE, accept the security warning, click on the certificate warning and install the server certificate on the XenDesktop Broker.
But it will not work in all scenario. Below is another way of work around.
1. Connect to vCenter server and browse to “C:\ProgramData\VMware\VMware VirtualCenter\SSL“
2. Copy the cacert.pem file to a temp directory in XenDesktop Broker, “C:\Temp”)
3. Open a MMC as an administrator, add the Certificates Snap-In and select to manage certificates for the local Computer Account.
4. Browse to "Trusted Root Certification Authorities“ and select Import.
5. Import the cacert.pem file. (You need to select "All Files“ from the dropdown menu in the lower right hand corner, to be able to see it)
6. Now you should be able to see the vCenter certificate in the list of trusted certificates and XenDesktop should connect to vCenter without any error message.