Use the New Certificate Signing Request Option to Establish a Standard Key Provider Trusted Connection

Some Key Management Server (KMS) vendors require that vCenter Server generate a Certificate Signing Request (CSR) and send that CSR to the KMS. The KMS signs the CSR and returns the signed certificate. You can upload the signed certificate to vCenter Server.

Using the New Certificate Signing Request option is a two-step process. First you generate the CSR and send it to the KMS vendor. Then you upload the signed certificate that you receive from the KMS vendor to vCenter Server.
  1. Navigate to the vCenter Server.
  2. Click Configure and select Key Management Servers.
  3. Select the KMS instance with which you want to establish a trusted connection.
  4. From the Establish Trust drop-down menu, select Make KMS trust vCenter.
  5. Select New Certificate Signing Request (CSR) and click Next.
  6. In the dialog box, copy the full certificate in the text box to the clipboard or download it as a file.
    Use the Generate new CSR button in the dialog box only if you explicitly want to generate a CSR.
  7. Follow the instructions from your KMS vendor to submit the CSR.
  8. When you receive the signed certificate from the KMS vendor, click Key Providers again, select the key provider, and from the Establish Trust drop-down menu, select Upload Signed CSR Certificate.
  9. Paste the signed certificate into the bottom text box or click Upload File and upload the file, and click Upload.
Finalize the trust relationship. See Finish the Trust Setup for a Standard Key Provider.
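
Before the upload in steps 8 and 9, it is worth confirming that the certificate the KMS vendor returned was issued for the CSR you submitted and has not expired. The script below is an added example, not VMware code: it assumes the openssl CLI is available and that the CSR and certificate are saved as PEM files, the file names are hypothetical, and make_sample only builds constructed throwaway test material.

```shell
#!/bin/sh
# Added example (not VMware code): check that a signed certificate returned by
# the KMS vendor was issued for the CSR that was submitted, before uploading it.

# csr_matches_cert CSR_PEM CERT_PEM
# Returns 0 = same public key and not expired, 1 = public key mismatch,
#         2 = a file could not be parsed, 3 = certificate already expired.
csr_matches_cert() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    # The CA copies the CSR's public key into the certificate; compare them.
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ] || return 1
    # -checkend 0 fails if the certificate's notAfter is already in the past.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 || return 3
    return 0
}

# make_sample DIR: constructed test material only (throwaway keys, 1-day cert).
# vc.csr is the "submitted" CSR, vc.crt its signed certificate, other.csr a
# CSR from a different key pair.
make_sample() (
    cd "$1" || exit 1
    exec >/dev/null 2>&1
    subj="/CN=vcenter.example.test"
    openssl req -new -newkey rsa:2048 -nodes -keyout vc.key -out vc.csr -subj "$subj" &&
    openssl req -new -newkey rsa:2048 -nodes -keyout other.key -out other.csr -subj "$subj" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -subj "/CN=Constructed KMS CA" -days 1 &&
    openssl x509 -req -in vc.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -out vc.crt -days 1
)

# Usage: sh check_csr.sh submitted.csr signed.crt   (hypothetical file names)
if [ "$#" -eq 2 ]; then
    csr_matches_cert "$1" "$2" && echo "OK: certificate matches CSR" ||
        echo "FAIL: status $? (1=key mismatch, 2=unreadable, 3=expired)"
fi
```

A status of 1 means the certificate was issued for a different key pair than the one behind the CSR you checked it against.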