If you imported a root CA certificate issued by your own internal Certificate Authority to the JRE truststore in vSphere 7.0, starting in vSphere 7.0 Update 1, you can register the certificate to the Trusted Root Certificates Store.

To configure vCenter Server Identity Provider Federation in vSphere 7.0 with a root CA certificate that was issued by your own internal Certificate Authority, you had to import it to the JRE truststore. Starting in vSphere 7.0 Update 1, you can register the certificate to the Trusted Root Certificates Store. This change means that you should add the root CA certificate that was issued by your own internal Certificate Authority to the Trusted Root Certificates Store (also called the VMware Endpoint Certificate Store, or VECS). Certificates in the JRE truststore continue to function; however, vCenter Server is standardizing on the Trusted Root Certificates Store.

Procedure

  1. Log in with the vSphere Client to the vCenter Server.
  2. Navigate to Administration > Certificates > Certificate Management.
  3. Next to Trusted Root Certificates, click Add.
  4. Browse for the AD FS root certificate and click Add.
    The certificate is added in a panel under Trusted Root Certificates.
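
Before you browse for the file in step 4, you can confirm that it holds exactly one certificate, that the certificate is a root CA (issuer equals subject, `CA:TRUE`), and that it is not about to expire. The script below is an added example, not part of the VMware procedure; it assumes the OpenSSL CLI is installed, and the function names, the 30-day expiry margin, and the generated sample certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Pre-import check for a file you are about to add under Trusted Root Certificates.
# Added example: assumes the OpenSSL CLI; function names are illustrative.

# make_sample_cert OUT TRUE|FALSE: constructed throwaway self-signed cert for trying the check.
make_sample_cert() {
    local dir; dir="$(mktemp -d)"
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n[dn]\nCN=Constructed Sample\n[ext]\nbasicConstraints=critical,CA:%s\n' \
        "$2" > "$dir/c.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/c.cnf" \
        -keyout "$dir/key.pem" -out "$1" 2>/dev/null
    rm -rf "$dir"
}

# check_root_ca FILE: prints findings, returns 0 only if every check passes.
check_root_ca() {
    local pem="$1" rc=0 subj iss
    # The file must parse as a PEM X.509 certificate at all.
    openssl x509 -in "$pem" -noout 2>/dev/null \
        || { echo "FAIL not a PEM certificate"; return 1; }
    # Upload one reviewed certificate, not a bundle that adds extra trust anchors.
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem")" -eq 1 ] \
        || { echo "FAIL file holds more than one certificate"; rc=1; }
    # A root CA names itself as issuer ...
    subj="$(openssl x509 -in "$pem" -noout -subject_hash)"
    iss="$(openssl x509 -in "$pem" -noout -issuer_hash)"
    [ "$subj" = "$iss" ] \
        || { echo "FAIL issuer differs from subject (intermediate or leaf)"; rc=1; }
    # ... and basicConstraints marks it as a CA.
    openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE' \
        || { echo "FAIL basicConstraints CA:TRUE missing"; rc=1; }
    # Flag a certificate that is expired or expires within 30 days.
    openssl x509 -in "$pem" -noout -checkend $((30*24*3600)) >/dev/null \
        || { echo "FAIL expires within 30 days"; rc=1; }
    # SHA-256 fingerprint to compare out of band with the CA owner before clicking Add.
    openssl x509 -in "$pem" -noout -fingerprint -sha256
    return "$rc"
}

# Usage: ./check_root_ca.sh adfs-root.pem   (the file name is a placeholder)
if [ "$#" -gt 0 ]; then check_root_ca "$1"; fi
```

After the upload, compare the printed fingerprint with the one shown for the new entry under Trusted Root Certificates.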