As the error message indicates, XenDesktop is not able to connect to vCenter because it does not trust the server certificate in use. That commonly happens in POC environments where the customer has not replaced the self-signed server certificate, which is added to the vCenter server during installation, with a certificate signed by a trusted internal/external CA.
According to the XenDesktop Admin Guide in Citrix eDocs (http://support.citrix.com/proddocs/topic/xendesktop-7/cds-vmware-rho.html) a simple solution to this challenge is to connect to vCenter using IE, accept the security warning, click on the certificate warning and install the server certificate on the XenDesktop Broker.
Unfortunately this does not work in all cases. But luckily there is another option to make it work:
1. Connect to your vCenter server and browse to „C:\ProgramData\VMware\VMware VirtualCenter\SSL“
2. Copy the cacert.pem file to your XenDesktop Broker (to the C:\Temp directory for example)
3. Open a Microsoft Management Console (by running the mmc.exe command) as an Administrator
4. Add the Certificates Snap-In and select to manage certificates for the local computer account.
citrix blog:http://blogs.citrix.com/2013/12/18/using-the-default-vmware-vcenter-server-certificate-in-xendesktop-pocs/
一般使用直接用ie打开vsphere地址,然后安装证书,但有时候打开证书不能安装,如下图没有安装证书选项:
解决办法,上面是使用https://vsphere.test.com 地址访问,将地址改为 https://vsphere 就可以正常安装证书了。