Use the New Certificate Signing Request
Option to Establish a Standard Key Provider Trusted Connection
Some Key Management Server (KMS)
vendors require that
vCenter Server
generate
a Certificate Signing Request (CSR) and send that CSR to the KMS. The KMS signs the CSR and
returns the signed certificate. You can upload the signed certificate to vCenter Server
. Using the
New
Certificate Signing Request
option is a two-step process. First you
generate the CSR and send it to the KMS vendor. Then you upload the signed
certificate that you receive from the KMS vendor to
vCenter Server
.
- Navigate to thevCenter Server.
- ClickConfigureand selectKey Management Servers.
- Select the KMS instance with which you want to establish a trusted connection.
- From theEstablish Trustdrop-down menu, selectMake KMS trust vCenter.
- SelectNew Certificate Signing Request (CSR)and clickNext.
- In the dialog box, copy the full certificate in the text box to the clipboard or download it as a file.Use theGenerate new CSRbutton in the dialog box only if you explicitly want to generate a CSR.
- Follow the instructions from your KMS vendor to submit the CSR.
- When you receive the signed certificate from the KMS vendor, clickKey Providersagain, select the key provider, and from theEstablish Trustdrop-down menu, selectUpload Signed CSR Certificate.
- Paste the signed certificate into the bottom text box or clickUpload Fileand upload the file, and clickUpload.
Finalize the trust
relationship. See
Finish the Trust Setup for a Standard Key Provider.