Use the Certificate Option to Establish a Standard Key Provider Trusted Connection

Some Key Management Server (KMS) vendors require that you upload the vCenter Server certificate to the KMS. After the upload, the KMS accepts traffic that comes from a system with that certificate.

vCenter Server generates a certificate to protect connections with the KMS. The certificate is stored in a separate key store in the VMware Endpoint Certificate Store (VECS) on the vCenter Server system.

  1. Navigate to the vCenter Server.
  2. Click Configure and select Key Management Servers.
  3. Select the KMS instance with which you want to establish a trusted connection.
  4. From the Establish Trust drop-down menu, select Make KMS trust vCenter.
  5. Select vCenter Certificate and click Next.
    The Download Certificate dialog box is populated with the root certificate that vCenter Server uses for encryption. This certificate is stored in VECS.
    Do not generate a new certificate unless you want to replace existing certificates.
  6. Copy the certificate to the clipboard or download it as a file.
  7. Follow the instructions from your KMS vendor to upload the certificate to the KMS.
Finalize the trust relationship. See Finish the Trust Setup for a Standard Key Provider.
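
A pre-upload check for the file saved in step 6, added here as an example and not part of the VMware procedure. It assumes the certificate was saved in PEM format and that the openssl CLI is available; the function names, file name and 30-day default are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the certificate exported from the
# Download Certificate dialog before uploading it to the KMS.
# Assumptions: PEM-encoded file, openssl CLI installed.

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_kms_client_cert FILE [MIN_DAYS]
# Returns 0 only if FILE holds exactly one parseable certificate that
# remains valid for at least MIN_DAYS (default 30, a hypothetical policy).
check_kms_client_cert() {
    file=$1
    min_days=${2:-30}

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # A clipboard paste can truncate the block or duplicate it.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file" || true)
    [ "$count" -eq 1 ] || {
        echo "expected 1 certificate block, found $count" >&2; return 3; }

    # The block must decode as an X.509 certificate.
    openssl x509 -in "$file" -noout 2>/dev/null || {
        echo "not a valid X.509 certificate" >&2; return 4; }

    # Uploading a certificate that is about to expire means the KMS
    # will soon stop trusting vCenter Server.
    openssl x509 -in "$file" -noout \
        -checkend $((min_days * 86400)) >/dev/null 2>&1 || {
        echo "certificate expires within $min_days days" >&2; return 5; }

    echo "SHA-256 fingerprint: $(cert_fingerprint "$file")"
    return 0
}

# Usage (hypothetical file name):
#   check_kms_client_cert vcenter-kms-client.pem 30
```

Record the printed fingerprint and compare it with the one the KMS reports for the uploaded certificate, if the vendor's interface shows it.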