If you imported a self-signed root CA certificate to the JRE truststore in vSphere 7.0, starting in vSphere 7.0 Update 1, you can register the certificate to the Trusted Root Certificates Store.

To configure vCenter Server Identity Provider Federation in vSphere 7.0 with a self-signed root CA certificate, you had to import it to the JRE truststore. Starting in vSphere 7.0 Update 1, you can register the certificate to the Trusted Root Certificates Store. This change means that you should add the self-signed root CA certificate to the Trusted Root Certificates Store (also called the VMware Endpoint Certificate Store, or VECS). Certificates in the JRE truststore continue to function; however, vCenter Server is standardizing on the Trusted Root Certificates Store.

Procedure

  1. Log in with the vSphere Client to the vCenter Server.
  2. Navigate to Administration > Certificates > Certificate Management.
  3. Next to Trusted Root Certificates, click Add.
  4. Browse for the AD FS root certificate and click Add.
    The certificate is added in a panel under Trusted Root Certificates.
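
Before adding a certificate as a trust anchor, it is worth confirming that the file really is a self-signed root CA certificate and recording its fingerprint. The following is an added example, not part of the VMware procedure or tooling; it assumes `openssl` is available on the workstation, and the function names `check_root_ca` and `make_constructed_cert` are hypothetical.

```bash
#!/bin/sh
# Pre-import check for a PEM root CA certificate (added example, not VMware tooling).
# Prints the SHA-256 fingerprint on success; otherwise returns a non-zero reason code.
check_root_ca() {
    local cert="$1" subject issuer
    # 1: the file must parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "not a PEM certificate" >&2; return 1; }
    # 2: a root is self-issued, so subject and issuer names are identical.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253)
    [ "${subject#subject=}" = "${issuer#issuer=}" ] \
        || { echo "subject and issuer differ: not a root" >&2; return 2; }
    # 3: basicConstraints must mark it as a CA.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "basicConstraints is not CA:TRUE" >&2; return 3; }
    # 4: it must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 4; }
    # 5: the signature must verify under the certificate's own public key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 \
        || { echo "self-signature does not verify" >&2; return 5; }
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Constructed sample generator for trying the check (throwaway key, 1-day validity).
# $1 = output path prefix, $2 = CA:TRUE or CA:FALSE
make_constructed_cert() {
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Example Root
[ext]
basicConstraints = critical,$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Usage: sh check_root_ca.sh /path/to/root.pem
if [ "$#" -gt 0 ]; then
    check_root_ca "$1"
fi
```

Compare the printed fingerprint with a value obtained separately from the certificate's owner before clicking Add.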