If you try to connect to an older vCenter server (for example 5.5) using PowerCLI, you may receive an invalid certificate error such as the one shown below:
Connect-VIServer -Server "vcenter.test.local"
Connect-VIServer : 3/30/2020 4:16:46 PM Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Additional Information: Could not establish secure channel for SSL/TLS with authority 'vcenter.test.local'.
At line:1 char:1
+ Connect-VIServer -Server "vcenter.test.local"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
This issue will typically persist even if the PowerCLI session is configured to ignore certificate errors, using the following:
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -Scope AllUsers
The reason for the error is that the system where PowerCLI is being used is not configured to use the version of TLS needed to connect to the vCenter. To change the TLS versions allowed, the following command can be used:
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
You can read more about this property in the Microsoft documentation. If you want to check what versions of TLS you can configure PowerShell to use on your system, you can run:
[enum]::GetNames([Net.SecurityProtocolType])
SystemDefault
Ssl3
Tls
Tls11
Tls12
Tls13
Once configured, you should then be able to connect to the vCenter successfully.
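The SecurityProtocol command above enables SSL 3.0 and TLS 1.0 through 1.2 together. As an added example (not part of the original post), the following probes which TLS versions the vCenter endpoint accepts and adds only the strongest accepted one to the current session. SSL 3.0 is left out of the probe, and the helper name Test-TlsVersion and port 443 are assumptions.

```powershell
# Added example (not from the original post). 'vcenter.test.local' is the page's
# sample host; Test-TlsVersion is a hypothetical helper name.
function Test-TlsVersion {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Port = 443
    )
    # Newest first, so the first accepted entry is the strongest one available.
    foreach ($name in 'Tls12', 'Tls11', 'Tls') {
        $client = New-Object System.Net.Sockets.TcpClient
        $stream = $null
        $accepted = $false
        try {
            $client.Connect($ComputerName, $Port)
            # Accept any certificate: this probe tests protocol negotiation only
            # and sends no credentials or application data.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $stream = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
            $protocol = [System.Security.Authentication.SslProtocols]$name
            $stream.AuthenticateAsClient($ComputerName, $null, $protocol, $false)
            $accepted = $true
        } catch {
            # Handshake refused, or the local OS has this version disabled.
            $accepted = $false
        } finally {
            if ($stream) { $stream.Dispose() }
            $client.Dispose()
        }
        [pscustomobject]@{ Protocol = $name; Accepted = $accepted }
    }
}

$results = Test-TlsVersion -ComputerName 'vcenter.test.local'
$results | Format-Table -AutoSize

$best = $results | Where-Object { $_.Accepted } | Select-Object -First 1
if ($best) {
    $current = [System.Net.ServicePointManager]::SecurityProtocol
    # 0 is SystemDefault; OR-ing a flag into it would leave only that flag
    # enabled, so start from TLS 1.2 in that case.
    if ([int]$current -eq 0) { $current = [System.Net.SecurityProtocolType]::Tls12 }
    # Add the single version the server needs; lasts for this process only.
    [System.Net.ServicePointManager]::SecurityProtocol = $current -bor [System.Net.SecurityProtocolType]$best.Protocol
}
```

The change applies only to the running PowerShell process, so a new session starts again from the system defaults.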