Some Key Management Server (KMS) vendors require that you upload the vCenter Server certificate to the KMS.
After the upload, the KMS accepts traffic that comes from a system with that certificate. vCenter Server generates a certificate to protect connections with the KMS. The certificate is stored in a separate key store in the VMware Endpoint Certificate Store (VECS) on the vCenter Server system.
Procedure
- Navigate to the vCenter Server.
- Click Configure and select Key Providers under Security.
- Select the key provider with which you want to establish a trusted connection.
The KMS for the key provider is displayed.
- From the Establish Trust drop-down menu, select Make KMS trust vCenter.
- Select vCenter Certificate and click Next.
The Download Certificate dialog box is populated with the root certificate that
vCenter Server uses for encryption. This certificate is stored in VECS.
Note: Do not generate a new certificate unless you want to replace existing certificates.
- Copy the certificate to the clipboard or download it as a file.
- Follow the instructions from your KMS vendor to upload the certificate to the KMS.
What to do next
Finalize the trust relationship. See Finish the Trust Setup for a Standard Key Provider.