How to configure smart card logon on vSphere 6.5?

By | November 7, 2017

Recently I configured smart card authentication for vCenter Server 6.5. I have to admit that the configuration is simple; however, there is one important point: using the correct certificate format. When you follow the configuration guide (here), you will notice that the configuration consists of two steps:

  • Configure the Reverse Proxy to Request Client Certificates. In this step you configure the proxy and add all CA certificates to the PSC. This step is done via SSH to the PSC. You have to use certificates in the correct format: Base-64 encoded X.509. If you use DER, you will receive an error similar to this:

140686157022872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE

  • Enable Smart Card Authentication using the Platform Services Controller Web Interface. Log in to https://external_psc_or_vcenter_embedded_address/psc and configure Smart Card.
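The certificate format required in the first step can be checked, and corrected, before the CA file is handed to the reverse proxy. The shell functions below are an added example, not part of the original post or of VMware's guide; they assume the `openssl` command-line tool is available, and every file name passed to them is a placeholder.

```shell
#!/bin/sh
# Added example: normalise CA certificates to Base-64 (PEM) X.509.
# Assumption: the openssl CLI is installed; file names are placeholders.

# cert_format FILE -> prints PEM, DER or UNKNOWN
cert_format() {
    # A PEM file carries a textual start line; a DER file is raw ASN.1.
    if grep -q -e '-----BEGIN CERTIFICATE-----' \
               -e '-----BEGIN TRUSTED CERTIFICATE-----' "$1" 2>/dev/null; then
        inform=PEM
    else
        inform=DER
    fi
    # Confirm that the file really parses as an X.509 certificate.
    if openssl x509 -inform "$inform" -in "$1" -noout 2>/dev/null; then
        echo "$inform"
    else
        echo UNKNOWN
    fi
}

# append_ca_pem FILE BUNDLE -> appends FILE to BUNDLE as a clean PEM block
append_ca_pem() {
    fmt=$(cert_format "$1")
    if [ "$fmt" = UNKNOWN ]; then
        echo "skipping $1: not a parseable X.509 certificate" >&2
        return 1
    fi
    # Re-encode so the bundle only ever contains Base-64 blocks.
    # Only the first certificate in FILE is read.
    openssl x509 -inform "$fmt" -in "$1" -outform PEM >> "$2" || return 1
    # Show subject and SHA-256 fingerprint for comparison with the values
    # published by the CA before the bundle is trusted.
    openssl x509 -inform "$fmt" -in "$1" -noout -subject -fingerprint -sha256
}

# bundle_count BUNDLE -> number of certificates in the PEM bundle
bundle_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}
```

Calling `append_ca_pem` once per root and intermediate CA file yields a single PEM bundle, and `bundle_count` confirms that none was skipped.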

Of course, the Root CA certificates need to be trusted by your browser --> this should not be a problem when your desktop is joined to the domain 😉

Useful links:

Configuring and Using Smart Card Authentication