Some Key Management Server (KMS) vendors require that you upload the trusted key provider's client certificate to the KMS. After the upload, the KMS accepts traffic that comes from the trusted key provider.
- Ensure that you are connected to the vCenter Server of the Trust Authority Cluster. For example, you can enter $global:defaultviservers to show all the connected servers.
- (Optional) If necessary, you can run the following commands to ensure that you are connected to the vCenter Server of the Trust Authority Cluster.
Disconnect-VIServer -server * -Confirm:$false Connect-VIServer -server TrustAuthorityCluster_VC_ip_address -User trust_admin_user -Password 'password'
- Assign the
Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $vTAinformation to a variable.For example:
$kp = Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $vTA
If you are following these tasks in order, you previously assigned Get-TrustAuthorityCluster information to a variable (for example,
$vTA = Get-TrustAuthorityCluster 'vTA Cluster').This variable obtains the trusted key providers in the given Trust Authority Cluster, in this case,
$vTA.Note: If you have more than one trusted key provider, use commands similar to the following to select the one you want:
Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $vTA <The trusted key providers listing is displayed.> $kp = Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $vTA | Select-Object -Last 1
Select-Object -Last 1selects the last trusted key provider in the list.
- To create the trusted key provider client certificate, run the New-TrustAuthorityKeyProviderClientCertificate cmdlet.
New-TrustAuthorityKeyProviderClientCertificate -KeyProvider $kpThe thumbprint is displayed.
- To export the key provider client certificate, run the Export-TrustAuthorityKeyProviderClientCertificate cmdlet.
Export-TrustAuthorityKeyProviderClientCertificate -KeyProvider $kp -FilePath clientcert.pemThe certificate is exported to a file.
- Upload the certificate file to the KMS.
See your KMS documentation for more information.
The trusted key provider has established trust with the KMS.