Certificate Management Privileges

Certificate management privileges control which users can manage vCenter Server certificates.

Table 1. Certificate Management Privileges
Privilege Name	Description	Required On
Certificate Management.Create/Delete (Admins priv).	Allows full administrative-level access to various internal APIs and functionality for vCenter Server certificate-related operations.	vCenter Server
Certificate Management.Create/Delete (below Admins priv).	Allows reduced administrative access to various internal APIs and functionality. This privilege restricts certificate related operations so that the user cannot escalate non-administrator privileges. Allowed operations are: Generating certificate signing requests Creating and retrieving Trusted Root chains Deleting Trusted Root chains created by a user with the privilege Certificate Management.Create/Delete (below Admins priv). Retrieving Machine SSL certificates Retrieving the signing certificate chains for validating tokens issued by vCenter Server	vCenter Server