Version 1.6. This version is no longer supported as outlined in the Anthos version support policy. For the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem), upgrade to a supported version. You can find the most recent version here.

Finding your vCenter CA cert path

This document shows how to get the root certificate for your vCenter server.

When a client, like Anthos clusters on VMware (GKE on-prem), sends a request to your vCenter server, the server must prove its identity to the client by presenting a certificate or a certificate bundle. To verify the certificate or bundle, Anthos clusters on VMware must have the root certificate in the chain of trust.

When you fill in an admin workstation configuration file, you provide the path of the root certificate in the vCenter.caCertPath field.

Your VMware installation has a certificate authority (CA) that issues a certificate to your vCenter server. The root certificate in the chain of trust is a self-signed certificate created by VMware.

If you do not want to use the VMware CA, which is the default, you can configure VMware to use a different certificate authority.

If your vCenter server uses a certificate issued by the default VMware CA, download the certificate as follows:

curl -k "https://[SERVER_ADDRESS]/certs/" >

Replace [SERVER_ADDRESS] with the address of your vCenter server.

Install the unzip command and unzip the certificate file:

sudo apt-get install unzip

If the unzip command doesn't work the first time, enter the command again.

Find the certificate file in certs/lin.
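Because the download above uses `curl -k`, the certificate arrives over a connection that was not authenticated. The following script is an added example, not part of the original page or of Anthos tooling. It checks that a candidate file from certs/lin is a self-signed root, that the certificate your vCenter server presents chains to it, and prints the SHA-256 fingerprint so that it can be compared with a value obtained over a trusted channel. The script name `check_vcenter_ca.sh` and the function names are hypothetical, and it assumes the vCenter certificate is issued directly by the root with no intermediate CA.

```sh
#!/bin/sh
# Added example, not from the original page: checks for a root certificate
# that was downloaded without TLS verification (curl -k).
# Assumption: the vCenter certificate is issued directly by the root CA,
# with no intermediate CA in the chain.

# SHA-256 fingerprint of a PEM certificate, for comparison against a value
# obtained over a trusted channel.
ca_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True only if the file is a self-signed certificate: issuer equals subject
# and the signature verifies under the certificate's own public key.
is_self_signed_root() (
  subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || exit 1
  iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || exit 1
  [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
)

# True only if server certificate $2 verifies against root certificate $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the certificate the server presents on port 443 (needs network access).
fetch_server_cert() {
  openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Usage: sh check_vcenter_ca.sh CA_FILE SERVER_ADDRESS
if [ "$#" -eq 2 ]; then
  is_self_signed_root "$1" || { echo "not a self-signed root: $1" >&2; exit 1; }
  leaf=$(mktemp) && fetch_server_cert "$2" >"$leaf"
  chains_to_ca "$1" "$leaf" || { echo "server cert does not chain to $1" >&2; exit 1; }
  echo "OK. Confirm this fingerprint out of band: $(ca_fingerprint "$1")"
fi
```

The chain check only shows that the file and the server agree with each other. The fingerprint comparison is what ties the file to your real vCenter CA before its path goes into vCenter.caCertPath.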