Use the Certificate Option to Establish a Standard Key Provider Trusted Connection
Some Key Management Server (KMS) vendors require that you upload the vCenter Server certificate to the KMS. After the upload, the KMS accepts traffic that comes from a system with that certificate. vCenter Server generates a certificate to protect connections with the KMS. The certificate is stored in a separate key store in the VMware Endpoint Certificate Store (VECS) on the vCenter Server system.
- Navigate to the vCenter Server.
- Click Configure and select Key Management Servers.
- Select the KMS instance with which you want to establish a trusted connection.
- From the Establish Trust drop-down menu, select Make KMS trust vCenter.
- Select vCenter Certificate and click Next.
  The Download Certificate dialog box is populated with the root certificate that vCenter Server uses for encryption. This certificate is stored in VECS.
  Do not generate a new certificate unless you want to replace existing certificates.
- Copy the certificate to the clipboard or download it as a file.
- Follow the instructions from your KMS vendor to upload the certificate to the KMS.
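An added example, not part of the VMware documentation: one way to confirm that the certificate the KMS stored is the one you copied from vCenter Server, by comparing SHA-256 fingerprints of the decoded certificates so that clipboard line-ending or line-wrapping changes do not cause a false mismatch. The function names and the sample bytes are assumptions constructed for illustration, and how you export the stored certificate from the KMS depends on the vendor.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_to_der(pem_text):
    """Return the decoded (DER) bytes of every certificate block in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate block found")
    # Drop all whitespace first: copy/paste often changes wrapping or adds CRLF.
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]

def fingerprint(der):
    """SHA-256 fingerprint in colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(vcenter_pem, kms_pem):
    """True only if both inputs hold exactly one certificate with equal bytes."""
    a, b = pem_to_der(vcenter_pem), pem_to_der(kms_pem)
    if len(a) != 1 or len(b) != 1:
        raise ValueError("expected exactly one certificate on each side")
    return fingerprint(a[0]) == fingerprint(b[0])

# Constructed sample bytes standing in for a certificate (not a real one).
SAMPLE_DER = bytes(range(256)) * 3

def to_pem(der, newline="\n", width=64):
    """Helper for the demo: wrap bytes as PEM with a chosen wrapping style."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    lines = ["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----"]
    return newline.join(lines) + newline

if __name__ == "__main__":
    downloaded = to_pem(SAMPLE_DER)                  # as saved from the dialog
    from_kms = to_pem(SAMPLE_DER, "\r\n", width=76)  # re-wrapped by another tool
    print("vCenter:", fingerprint(pem_to_der(downloaded)[0]))
    print("KMS    :", fingerprint(pem_to_der(from_kms)[0]))
    print("match  :", same_certificate(downloaded, from_kms))
```
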
Finalize the trust relationship. See Finish the Trust Setup for a Standard Key Provider.