Configure TLS certificates in vCenter Server
The steps in the previous section made vCenter trust the CryptoHub. To make the CryptoHub trust vCenter, perform the following tasks:

1. Use OpenSSL to extract the TLS client private key from the PKCS #12 file packaged inside the endpoint zip downloaded from CryptoHub.
2. Upload the TLS client certificate and private key into vCenter with the vSphere Client.

After you complete these steps, vCenter Server and the CryptoHub can establish a TCP/IP session secured by TLS, making it possible for KMIP connections, and therefore encryption operations, to occur.

Use OpenSSL to extract the TLS client private key from the encrypted PKCS #12 file

Perform the following steps:

1. Extract the endpoint zip file downloaded from CryptoHub in the "Deploy new client endpoint on the CryptoHub" section.
2. Open a terminal application that has OpenSSL installed and navigate into the extracted endpoint zip directory.
3. Run the following OpenSSL command to extract the client private key from the PKCS #12 file:

   ```
   openssl pkcs12 -in pki.p12 -nocerts -out client_privatekey.pem -nodes
   ```

4. When prompted for the import password, copy and paste the value contained inside the `pki_password.txt` file.

Upload the TLS client certificate and private key into vCenter

Perform the following steps:

1. Log in to the vCenter Server system with the vSphere Client.
2. Browse the inventory list and select the vCenter Server instance.
3. Select [Configure] and select Key Providers under Security.
4. Select the CryptoHub key provider. The KMS for the key provider is displayed.
5. Select the CryptoHub KMS, expand the menu, and select [Trust vCenter] in the Make KMS Trust vCenter section.
6. Select the KMS certificate and private key method and select [Next].
7. Upload the KMS certificate (`client_cert.pem`) and private key (`client_privatekey.pem`) to vCenter to establish the trust.
8. Select [Establish Trust].

The Connection Status column should now have a green checkmark and say Connected. The vCenter Certificate and KMS Certificate columns should also show green checkmarks, with certificate validity dates in the future.
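
A scripted form of the extraction step with two checks to run before the upload, as an added example that is not part of the original documentation: it reads the import password from the password file with `-passin` instead of pasting it, creates the unencrypted key file owner-only, and confirms that the extracted key belongs to the client certificate. The file names are assumptions based on the steps above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. File names are assumptions taken
# from the steps above; match them to the contents of the extracted zip.
# Usage: source this file, then run: prepare_upload <extracted-endpoint-dir>

# extract_client_key P12 PASSWORD_FILE OUT_KEY
# Same extraction as the documented command, but the import password is read
# from the password file instead of being pasted into the terminal.
extract_client_key() {
    rm -f "$3"       # a pre-existing file would keep its old permissions
    (
        umask 077    # the unencrypted key is created owner-only (0600)
        openssl pkcs12 -in "$1" -nocerts -nodes -passin "file:$2" -out "$3"
    )
}

# key_matches_cert KEY CERT
# Returns 0 only when the key and the certificate carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# cert_is_current CERT
# Returns 0 when the certificate does not expire within the next 24 hours.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null
}

# prepare_upload ENDPOINT_DIR
# Runs all three steps and reports whether the pair is ready for vCenter.
prepare_upload() {
    dir=$1
    extract_client_key "$dir/pki.p12" "$dir/pki_password.txt" \
        "$dir/client_privatekey.pem" || { echo "extraction failed" >&2; return 1; }
    key_matches_cert "$dir/client_privatekey.pem" "$dir/client_cert.pem" \
        || { echo "key does not match client_cert.pem" >&2; return 1; }
    cert_is_current "$dir/client_cert.pem" \
        || { echo "client_cert.pem expires within 24 hours" >&2; return 1; }
    echo "ready to upload: client_cert.pem + client_privatekey.pem"
}
```

Because `-nodes` writes the private key unencrypted, delete `client_privatekey.pem` from the workstation once vCenter shows the trust as established.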