Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

The steps in the previous section made vCenter trust the CryptoHub. To make the CryptoHub trust vCenter, perform the following tasks:
  1. Use OpenSSL to extract the TLS client private key from the PKCS #12 file packaged inside the Endpoint zip downloaded from CryptoHub.
  2. Upload the TLS client certificate and private key into vCenter with the vSphere Client.
After you complete these steps, vCenter Server and the CryptoHub can establish a TCP/IP session secured by TLS, making it possible for KMIP connections, and therefore encryption operations, to occur.

Use OpenSSL to extract the TLS client private key from the encrypted PKCS #12 file

Perform the following steps:
1
Extract the Endpoint zip file downloaded from CryptoHub in theDeploy new client endpoint on the CryptoHub section.
2
Open a terminal application that has OpenSSL installed and navigate into the extracted Endpoint zip directory.
3
Run the following OpenSSL command to extract the client private key from the PKCS #12 file:
Shell
openssl pkcs12 -in pki.p12 -nocerts -out client-privatekey.pem -nodes
When prompted for theImport Password, copy and paste the value contained inside the pki-password.txt file.

Upload the TLS client certificate and private key into vCenter

Perform the following steps:
1
Log in to the vCenter Server system with the vSphere Client.
2
Browse the inventory list and select the vCenter Server instance.
3
Select [ Configure ]* and select** Key Providers under Security**.
4
Select the CryptoHub key provider. The KMS for the key provider is displayed.
5
Select the CryptoHub KMS, expand the menu, and select [ Trust vCenter ] in the Make KMS trust vCenter section.
6
Select the KMS certificate and private key method and select [ Next ].
7
Upload the KMS certificate (client-cert.pem) and private key (client-privatekey.pem) to vCenter to establish the trust.
8
Select [ Establish Trust ].
The Connection Status column should now have a green checkmark and say Connected. The vCenter Certificate and KMS Certificate columns should also show green checkmarks, with certificate validity dates in the future.