When attempting to install a new vRA vSphere Proxy Agent whilst on a customer engagement, I encountered the below error when testing the connection to the Manager Server Host and Model manager Web Service Host VIPs during the Install Proxy Agent wizard:

“Cannot validate Manager Service host. The remote certificate is invalid according to the validation procedure.”

When clicking “Test”, it is expected that a prompt will ask whether it should trust the new certificate, however instead I was getting this error.

A note about this deployment, is that vRA was deployed with vRealize Lifecycle Manager (vRLCM), and is using a certificate provisioned by the vRLCM CA for its certificates.

The workaround I found was a mix between these two different KB articles, basically adding the vRLCM CA Root Cert into the Proxy Agent VMs trusted Root store. Here are the steps:

1. Login to vRLCM, then go to Certificate Management.
2. Download the Certificate Chain (in PEM format).
3. Edit the .pem file, and copy out the Root CA. This will be the bottom-most block, just above the Private Key. Don’t forget to include the text “—–BEGIN CERTIFICATE—–” and  “—–END CERTIFICATE—–“
4. Paste this block of text into a new file, and name it “Root.cer”
5. Copy this file over to your Proxy Agent VM, right click, and Install.
6. Install the certificate for “Local Machine”, in the “Trusted Root Certification Authorities” certificate store.
7. Now go back to the Proxy Agent install wizard, and hit Test again. It should Pass successfully.