You can use the TrustedRootChains interface to add, delete and read trusted root certificate chains.

If you want to use an enterprise or third-party certificate authority (CA) for certificate management of your vSphere environment, you must first establish trust with that CA. You can do this by adding the root certificate of the external CA to the trusted root store of your vCenter Server system.

Adding a root certificate or certificate chain to the vCenter Server trusted certificate store establishes trust with an enterprise or third-party certificate authority. You can add a root certificate to vCenter Server as a prerequisite for other scenarios such as setting a third-party or enterprise machine SSL certificate.

Prerequisites

  • Verify that the root certificate or certificate chain you want to add is available on your machine.

  • Verify that you have the required privileges: CertificateManagement.Manage and CertificateManagement.Administer.

Procedure

  1. (Optional) Retrieve the root certificates on your vCenter Server system by calling the list function of the TrustedRootChains interface.
  2. Create an X509CertChain instance with the root certificate you want to add.
  3. Create a specification with the new X509CertChain instance.
  4. To add the root certificate, call the create function of the TrustedRootChains interface.

    If the operation is successful, the system returns the unique identifier of the trusted root certificate you added.
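As an added example (not VMware's code), the following Python prepares a PEM bundle for the procedure above and runs steps 1 to 4 against any object that exposes the list, get and create calls of the TrustedRootChains binding, skipping the add when an identical chain is already in the trusted root store. The field names cert_chain and chain, the get() call and InMemoryTrustedRootChains are assumptions made so it runs offline; with the vSphere Automation SDK installed, make_spec would build the SDK's CreateSpec from an X509CertChain instead.

```python
# Added example, not VMware's code. SDK field names (cert_chain, chain) and
# the get() call are assumptions; InMemoryTrustedRootChains is a constructed stand-in.
import base64, re, ssl, types

PEM_FMT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def split_pem_chain(pem_text):
    """Step 2 input: one normalized PEM string per certificate, as X509CertChain.cert_chain expects."""
    chain = []
    for body in PEM_BLOCK.findall(pem_text):
        pem = PEM_FMT % body.strip()
        ssl.PEM_cert_to_DER_cert(pem)  # ValueError if the body does not decode as base64
        chain.append(pem)
    if not chain:
        raise ValueError("no CERTIFICATE blocks found in input")
    return chain

def create_spec_body(chain):
    """Step 3 without the SDK: same shape as TrustedRootChains.CreateSpec(cert_chain=X509CertChain(cert_chain=chain))."""
    return {"cert_chain": {"cert_chain": chain}}

def add_trusted_root_chain(client, pem_text, make_spec=create_spec_body):
    """Steps 1-4. Returns (chain_id, created); created is False if the chain is already trusted."""
    chain = split_pem_chain(pem_text)
    for summary in client.list():                                    # step 1
        existing = client.get(summary.chain).cert_chain.cert_chain   # assumed Info shape
        if [c.strip() for c in existing] == [c.strip() for c in chain]:
            return summary.chain, False                              # skip duplicate
    return client.create(make_spec(chain)), True                     # step 4 returns the new ID

class InMemoryTrustedRootChains:
    """Constructed stand-in with the list/get/create calls used above, so this runs offline."""
    def __init__(self):
        self.store = {}
    def list(self):
        return [types.SimpleNamespace(chain=cid) for cid in self.store]
    def get(self, cid):
        return types.SimpleNamespace(cert_chain=types.SimpleNamespace(cert_chain=self.store[cid]))
    def create(self, spec):
        cid = "chain-%d" % (len(self.store) + 1)
        self.store[cid] = spec["cert_chain"]["cert_chain"]
        return cid

# Constructed sample bundle: two fake certificates (arbitrary bytes, not real DER).
SAMPLE_DER = [b"constructed-root-ca-bytes", b"constructed-intermediate-ca-bytes"]
SAMPLE_PEM = "".join(PEM_FMT % base64.encodebytes(d).decode() for d in SAMPLE_DER)
```

Against a live system, pass the SDK's TrustedRootChains stub as `client` and a `make_spec` that wraps the list in an X509CertChain and CreateSpec; the duplicate check then saves an unnecessary entry in the trusted root store.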