Had an interesting one today on a small client running vCenter 5.1, that been upgraded from 4.1 to 5.0 and eventually to 5.1.
Their monitoring tool needed to access https://vcenter/mob via a patrol agent logged into the desktop of vCenter server.(will cover the power of mob later in another post).
Problem was when they accessed the URL they had the message
There is a problem with this website’s security certificate.”, “Continue to this website (not recommended).”, etc
But when you clicked on Continue to this website you would normally accept a login box to appear which can they used to access the MOB details of vCenter to provide access to underlying vCenter data.
The vCenter box was running IE9 and when I checked the default Vmware Default Certificate it was noted as being 512bits which due to recent changes from Microsoft in minimum key length was causing issues http://support.microsoft.com/?kbid=2661254
I know the real answer is for the client to move to 2048 byte certificates but at this time they are not in place to do this.
So I ran the following in a elevated command line (cmd.exe ‘run-as-administrator’), and heh presto the MOB url worked fine and patrol logged in:
certutil -setreg chain\minRSAPubKeyBitLength 512
If you want to revert this change and go back to the default of an 1024 bit key minimum, run:
certutil -delreg chain\MinRsaPubKeyBitLength