Recently I configured a smart card authentication for vCenter Server 6.5. I have to admin that configuration is simple, however there is an important point - using a correct certificate format. When you follow a configuration guide (here) you can notice that the configuration is based on two points:
- Configure the Reverse Proxy to Request Client Certificates. In this step you configure a proxy and you have to add all CA certificates to PSC. This steps is done via SSH to PSC. You have to use certificate in a correct format - Base-64 encoded X.509. If you use DER, you will receive a similar error:
140686157022872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
- Enable Smart Card Authentication using the Platform Services Controller Web Interface. Log in to https://external_psc_or_vcenter_embedded_address/psc and configure Smart Card.
Of course, Root CA certificates need to be trusted by your browser --> it should not be a problem when your desktop is joined to domain 😉