How to trust the VMware vCenter 5.5 self signed certificate for XenDesktop 7.5

Posted on Posted in Citrix XenDesktop, VMWare

The vCenter 5.5 installation creates a self signed certificate. Best practice is to replace it with an external trusted certificate. But if you do not want to pay any money for a certificate or just want to use the self signed certificate, the following error pops-up when adding vCenter as a host in XenDesktop:

Error id: XDDS:D883C098

Cannot connect to the VCenter server due to a certificate error. Mare sure the appropriate certificates are installed on the VCenter server, and the install the appropriate certificates on the same machine that contains all the instances of the Host service.



Here’s how to fix it:


On the vCenter server, navigate to:
C:\ProgramData\VMware\VMware VirtualCenter\SSL

(I had to take ownership of the folder to view the content)

Copy the cacert.pem file to the XenDesktop 7.5 C:\ drive image
Open a MMC console on the XenDesktop 7.5 host  
Add the Certificates snap-in for the Computer image

Navigate to the Trusted Root Certification Authorities

Expand Certificates
Right click on Certificates, All Tasks and select Import

Click Next

Click on X.509… and select All Files image
Navigate to C:\

Select the cacert.pem file

Click on Open  
Leave the Trusted Root Certification Authorities store selected

Click Next

Click Finish image
Successfully imported. image

Repeat these steps for all your XenDesktop Controllers.

Check in the Certificates MMC if the certificate uses a FQDN, then this is also necessary in the XenDesktop 7.5 Host wizard.

To test if the certificate is valid, open the website: https://vCenterServer.domain/sdk

The certificate is valid if there is NO notification of a untrusted certificate.


Now, let’s add the vCenter as a Host in XenDesktop 7.5.

I use the Add Host in XenDesktop Studio but this could also be done using the initial installation.


Click on Hosting image
Click on Add Connection and Resources image
Make sure that you use the FQDN of the vCenter server, if this is also applied to the certificate.

Click Next


Now there is no error message displayed.

Click Finish SNAGHTML1406bf2

5 thoughts on “How to trust the VMware vCenter 5.5 self signed certificate for XenDesktop 7.5

  1. This is a great article and I appreciate it. I have an issue however where there is no cacert.pem in that folder you specify. In the vsphere webclient folder however there is. Importing that cert makes no difference but I am having this EXACT same issue.
    Hopefully (Xen 7.6) someone either in Citrix or in the community at large will figure this out.

  2. Thanks this totally solved my issue! Do a search for the cacert.pem file if you can’t find it. My path was a little different too since I installed the vmware SSO. But I found it. Everything else was spot on. Thanks again!

Leave a Reply

Your email address will not be published. Required fields are marked *