Unless the Add Standard Key Provider dialog box prompted you to trust the KMS, you must explicitly establish trust after certificate exchange is complete.
You can complete the trust setup, that is, make vCenter Server trust the KMS, either by trusting the KMS or by uploading a KMS certificate. You have two options:
- Trust the certificate explicitly by using the Upload KMS certificate option.
- Upload a KMS leaf certificate or the KMS CA certificate to vCenter Server by using the Make vCenter Trust KMS option.
Note: If you upload the root CA certificate or the intermediate CA certificate,
vCenter Server trusts all certificates that are signed by that CA. For strong security, upload a leaf certificate or an intermediate CA certificate that the KMS vendor controls.