SSL certificate validation issues
To verify that an SSL certificate is valid, check the SSL policy errors reported for the connection. If the error count is 0 (no errors are found), the certificate is considered valid. SslPolicyErrors defines three error types, plus None:
Name | Value | Description |
---|---|---|
None | 0 | No SSL policy errors. |
RemoteCertificateNotAvailable | 1 | The certificate is not available. |
RemoteCertificateNameMismatch | 2 | The certificate name does not match the hostname. |
RemoteCertificateChainErrors | 4 | The certificate chain contains errors. |
Common scenario: IP address usage in VMware connection
If a user connects to a VMware server using an IP address instead of a hostname, a certificate warning may appear—even if the connection is valid.
This typically results in a RemoteCertificateNameMismatch error. It occurs when the Common Name (CN) or Subject Alternative Name (SAN) in the certificate does not match the IP address used in the connection.
UI message displayed:
Spotlight has detected invalid or expired SSL certificate. Learn More
Clicking Learn More will open a knowledge base (KB) article with further details.
Recommendations
- To avoid this error, connect using the hostname that matches the CN or SAN in the certificate.
- If SSL errors are detected, a message will be shown in the UI to inform the user about the invalid certificate.
How to view the certificate CN (Common Name)
- Navigate to the ESXi host or vCenter Server.
- Go to Host or vCenter Settings.
- Select Configuration | Software.
- Locate and open Certificate or SSL Certificate.
- View the certificate details to find the Common Name (CN).
Remote certificate chain error in VMware connection
For RemoteCertificateChainErrors, please refer to the Microsoft documentation on RemoteCertificateChainErrors for possible causes.
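To see which of the errors above a given host or IP address produces, the following diagnostic reads them from a .NET validation callback. It is an added example, not Spotlight's or VMware's own code; the class name CertCheck and its command-line arguments are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

class CertCheck   // hypothetical name, not part of any product
{
    // Usage: CertCheck <host-or-ip> [port]   (port defaults to 443)
    static int Main(string[] args)
    {
        if (args.Length < 1) { Console.Error.WriteLine("usage: CertCheck <host-or-ip> [port]"); return 2; }
        string target = args[0];
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        SslPolicyErrors seen = SslPolicyErrors.None;

        using var tcp = new TcpClient(target, port);
        using var ssl = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
        {
            seen = errors;   // keep the flags for the report below
            if (cert != null)
            {
                var c2 = new X509Certificate2(cert);
                Console.WriteLine($"Subject: {c2.Subject}");      // contains the CN
                foreach (X509Extension ext in c2.Extensions)
                    if (ext.Oid?.Value == "2.5.29.17")            // Subject Alternative Name
                        Console.WriteLine($"SAN: {ext.Format(false)}");
            }
            if (chain != null)   // per-element detail behind RemoteCertificateChainErrors
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine($"Chain status: {s.Status}: {s.StatusInformation.Trim()}");
            return errors == SslPolicyErrors.None;   // never accept a certificate with errors
        });

        try { ssl.AuthenticateAsClient(target); }    // validates the certificate against 'target'
        catch (AuthenticationException) { /* expected when the callback rejects the certificate */ }

        // SslPolicyErrors is a [Flags] enum, so several errors can be set at once: test each bit.
        foreach (var flag in new[] { SslPolicyErrors.RemoteCertificateNotAvailable,
                 SslPolicyErrors.RemoteCertificateNameMismatch, SslPolicyErrors.RemoteCertificateChainErrors })
            if (seen.HasFlag(flag)) Console.WriteLine($"Error: {flag} ({(int)flag})");
        Console.WriteLine(seen == SslPolicyErrors.None ? "Certificate valid (0)" : $"Certificate invalid ({(int)seen})");
        return seen == SslPolicyErrors.None ? 0 : 1;
    }
}
```

Running it once with the server's IP address and once with its hostname shows whether RemoteCertificateNameMismatch is the only error and which names the certificate actually carries.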