Configure TLS certificates in vCenter Server
The steps in the previous section established vCenter trust for the {{ch}}. This section establishes the {{ch}} trust for vCenter by performing the following tasks:

- Generate a certificate signing request (CSR) in the vCenter Server system with the vSphere Client.
- Sign the CSR by using the certificate authority (CA).
- Import the signed certificate back into the vCenter Server system with the vSphere Client.

After you complete these steps, vCenter Server and the {{ch}} can establish a TCP/IP session secured by TLS, making it possible for KMIP connections, and therefore encryption operations, to occur.

Generate a CSR

Perform the following steps to generate a CSR with the vSphere Client:

1. Log in to the vCenter Server system with the vSphere Client.
2. Browse the inventory list and select the vCenter Server instance.
3. Select [Configure] and select Key Providers under Security.
4. Select the {{ch}} key provider. The KMS for the key provider is displayed.
5. Select the {{ch}} KMS, select the Establish Trust drop-down menu, and select Make KMS trust vCenter.
6. Select the New Certificate Signing Request (CSR) method and select [Next].
7. In the dialog box, select [Download] to download the CSR to a file.
8. Copy the CSR to the storage medium configured for the {{ch}}.
9. Select [Done].

Sign the vSphere CSR

Refer to the {{ch}} user guide for guidance on how to create a certificate authority on {{ch}} and issue a certificate from the vSphere CSR.

Import the certificate

Perform the following steps to import the signed vSphere certificate into vCenter Server:

1. Log in to the vCenter Server system with the vSphere Client.
2. Browse the inventory list and select the vCenter Server instance.
3. Select [Configure] and select Key Providers under Security.
4. Select the {{ch}} key provider.
5. In the menu at the bottom, select the {{ch}} KMS, right-click Establish Trust, and select Upload Signed CSR Certificate.
6. Select [Upload a File], and select the signed vCenter certificate. The certificate contents should display in the window.
7. Select [Upload].

The Connection Status column should now have a green checkmark and say Connected. The vCenter Certificate and KMS Certificate columns should also show green checkmarks, with certificate validity dates in the future.
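
A pre-upload check for the import step, as an added example that is not part of the original page or of either product's tooling: it confirms that the signed certificate carries the public key from the CSR that vCenter generated, chains to the issuing CA, and is inside its validity window. The file names and the `check_signed_cert` and `make_demo_files` helpers are assumptions, and the demo data is constructed with a throwaway CA.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check for a signed vCenter certificate.
# File names and helper names are placeholders chosen for this example.

# check_signed_cert CSR CERT CA
# Succeeds only if CERT carries the CSR's public key, chains to CA,
# and is inside its validity window (openssl verify checks both).
check_signed_cert() {
    cs_csr=$1; cs_cert=$2; cs_ca=$3
    cs_csr_key=$(openssl req -in "$cs_csr" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable CSR: $cs_csr" >&2; return 2; }
    cs_cert_key=$(openssl x509 -in "$cs_cert" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate: $cs_cert" >&2; return 2; }
    if [ "$cs_csr_key" != "$cs_cert_key" ]; then
        echo "public key mismatch: certificate was not issued from this CSR" >&2
        return 1
    fi
    openssl verify -CAfile "$cs_ca" "$cs_cert" >/dev/null 2>&1 ||
        { echo "chain or validity check failed" >&2; return 1; }
    # Print the fields worth comparing against the vSphere Client columns.
    openssl x509 -in "$cs_cert" -noout -subject -issuer -dates
}

# make_demo_files DIR
# Constructed sample data: a throwaway CA, a CSR standing in for the one
# downloaded from vCenter, and a second CSR/cert pair with a different key.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for n in vc other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null
    done
}

# Usage: script.sh vcenter.csr signed-cert.pem issuing-ca.pem
if [ "$#" -eq 3 ]; then
    check_signed_cert "$@"
fi
```

A key mismatch here usually means the certificate was issued from a different CSR than the one vCenter downloaded, which is cheaper to catch before the upload dialog than after.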