Some Key Management Server (KMS) vendors require that you upload the KMS server certificate and private key to the vCenter Server system.
Some KMS vendors generate a certificate and private key for the connection and make them available to you. After you upload the files, the KMS trusts your vCenter Server instance.
- Request a certificate and private key from the KMS vendor. The files are X509 files in PEM format.
- Navigate to the vCenter Server.
- Click Configure and select Key Providers under Security.
- Select the key provider with which you want to establish a trusted connection.
The KMS for the key provider is displayed.
- From the Establish Trust drop-down menu, select Make KMS trust vCenter.
- Select KMS certificate and private key and click Next.
- Paste the certificate that you received from the KMS vendor into the top text box or click Upload a File to upload the certificate file.
- Paste the key file into the bottom text box or click Upload a File to upload the key file.
- Click Establish Trust.
What to do next
Finalize the trust relationship. See Finish the Trust Setup for a Standard Key Provider.