source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2009000
Downloading patches from one of the software sites configured in VMware vCenter Update Manager fails.
The VMware vCenter Update Manager server logs contain entries similar to:
[2011-11-01 15:24:57:425 ‘httpDownload’ 4440 ERROR] [httpDownload, 732] Error 12175 from WinHttpSendRequest for url https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Error 12175 deals with failed certificate validation. This issue can occur if one of the CA certificates used to sign the patch sites certificate is not trusted by the computer running the VMware vCenter Update Manager server software.
Solution 1
Update Manager 5.0 introduces a new setting that verifies the SSL certificates during download. By default, this value is set to 1 or enabled.
To disable this behavior:
- Click Start > Run, type regedit, and click OK. The Registry Editor window opens.
- Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Update Manager key.
- Right-click the value of the SslVerifyDownloadCertificate key and click Modify.
- Change the Value data field value to 0.
- Click OK.
- Click Start > Run, type services.msc , and click OK.
- Right-click VMware vSphere Update Manager Service and click Restart.
Solution 2
Trust the certificate for the site that is failing by installing it into the trusted certificate store for the local computer. You could also download and trust the CA certificates that were used in signing the site certificate into the local computer certificate store.
You might also want to update the root certificates on the Microsoft Windows operating system. For more information, go to the Microsoft Download Center.