If you want to use third-party certificates in your environment, you must add a trusted root certificate to the certificate store.


Obtain the custom root certificate from your third-party or in-house CA.


  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the Certificate Management UI.
    1. From the Home menu, select Administration.
    2. Under Certificates, click Certificate Management.
  4. If the system prompts you, enter the credentials of your vCenter Server.
  5. Under Trusted Root Certificates, click Add.
  6. Click Browse and select the location of the certificate chain.
    You can use a file of type CER, PEM, or CRT.
  7. Click Add.
    The certificate is added to the store.