Some Key Management Server (KMS) vendors require that you upload the KMS server certificate and private key to the vCenter Server system.

Some KMS vendors generate a certificate and private key for the connection and make them available to you. After you upload the files, the KMS trusts your vCenter Server instance.


  • Request a certificate and private key from the KMS vendor. The files are X509 files in PEM format.


  1. Navigate to the vCenter Server.
  2. Click Configure and select Key Management Servers.
  3. Select the KMS instance with which you want to establish a trusted connection.
  4. From the Establish Trust drop-down menu, select Make KMS trust vCenter.
  5. Select KMS certificate and private key and click Next.
  6. Paste the certificate that you received from the KMS vendor into the top text box or click Upload a File to upload the certificate file.
  7. Paste the key file into the bottom text box or click Upload a File to upload the key file.
  8. Click Establish Trust.

What to do next

Finalize the trust relationship. See Finish the Trust Setup for a Standard Key Provider.