Certificate management privileges control which users can manage vCenter Server certificates.

Table 1. Certificate Management Privileges
Privilege Name: Certificate Management.Create/Delete (Admins priv).
Description: Allows full administrative-level access to various internal APIs and functionality for vCenter Server certificate-related operations.
Required On: vCenter Server

Privilege Name: Certificate Management.Create/Delete (below Admins priv).
Description: Allows reduced administrative access to various internal APIs and functionality. This privilege restricts certificate-related operations so that the user cannot escalate non-administrator privileges. Allowed operations are:
  • Generating certificate signing requests
  • Creating and retrieving Trusted Root chains
  • Deleting Trusted Root chains created by a user with the privilege Certificate Management.Create/Delete (below Admins priv).
  • Retrieving Machine SSL certificates
  • Retrieving the signing certificate chains for validating tokens issued by vCenter Server
Required On: vCenter Server
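
To audit which roles and principals hold either privilege in the table, the following PowerCLI sketch can be used. It is an added example, not part of the original documentation. It assumes an open `Connect-VIServer` session and assumes the API privilege IDs `CertificateManagement.Administer` and `CertificateManagement.Manage` correspond to the two table entries.

```powershell
# Added example: least-privilege audit of the certificate management privileges.
# Assumption: these privilege IDs map to the two table entries. Confirm with:
#   Get-VIPrivilege | Where-Object Id -like 'CertificateManagement.*'
$certPrivileges = @{
    'CertificateManagement.Administer' = 'Create/Delete (Admins priv).'
    'CertificateManagement.Manage'     = 'Create/Delete (below Admins priv).'
}

# Roles whose privilege list contains at least one of the two IDs.
$roles = Get-VIRole | Where-Object {
    $role = $_
    $certPrivileges.Keys | Where-Object { $role.PrivilegeList -contains $_ }
}

# Inventory-level permission assignments (role granted to a principal on an entity).
$permissions = Get-VIPermission

$report = foreach ($role in $roles) {
    $held = ($certPrivileges.Keys |
        Where-Object { $role.PrivilegeList -contains $_ } |
        ForEach-Object { $certPrivileges[$_] }) -join '; '

    $assigned = @($permissions | Where-Object { $_.Role -eq $role.Name })

    if ($assigned.Count -eq 0) {
        # Role exists but is not assigned anywhere; still worth listing.
        [pscustomobject]@{
            Role = $role.Name; BuiltIn = $role.IsSystem; Privileges = $held
            Principal = '(unassigned)'; Entity = ''; Propagate = ''
        }
    }
    foreach ($p in $assigned) {
        [pscustomobject]@{
            Role = $role.Name; BuiltIn = $role.IsSystem; Privileges = $held
            Principal = $p.Principal; Entity = $p.Entity.Name; Propagate = $p.Propagate
        }
    }
}

# Custom (non-built-in) roles carrying the Admins-level privilege deserve the closest review.
$report | Sort-Object BuiltIn, Role, Principal | Format-Table -AutoSize
```

`Get-VIPermission` does not report global permissions, so review those separately in the vSphere Client.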