Virtualization
VMware vSphere

Configure TLS certificates in vCenter Server

3min
the steps in the previous section established vcenter trust for the {{ch}} this section establishes the {{ch}} trust for vcenter by performing the following tasks generate a certificate signing request (csr) in the vcenter server system with the vsphere client, sign the csr by using the certificate authority (ca) import the signed certificate back into the vcenter server system with the vsphere client after you complete these steps, vcenter server and the {{ch}} can establish a tcp/ip session secured by tls, making it possible for kmip connections, and therefore encryption operations, to occur generate a csr with the vsphere client perform the following steps to generate a csr log in to the vcenter server system with the vsphere client browse the inventory list and select the vcenter server instance select \[ configure ] and select key providers under security select the {{ch}} key provider the kms for the key provider is displayed select the {{ch}} kms, select the establish trust drop down menu, and select make kms trust vcenter select the new certificate signing request (csr) method and select \[ next ] in the dialog box, select \[ download ] to download the csr to a file copy the csr to the storage medium configured for the {{ch}} select \[ done ] sign the vsphere csr by using a ca created on the {{ch}} refer to the {{ch}} user guide for guidance on how to create a certificate authority and issue a certificate from the vsphere csr import the signed vsphere certificate into vcenter server perform the following steps to import the certificate log in to the vcenter server system with the vsphere client browse the inventory list and select the vcenter server instance select \[ configure ] and select key providers under security select the {{ch}} key provider in the menu at the bottom, select the {{ch}} kms, select the \[ establish trust ] drop down menu, and select upload signed csr certificate select \[ upload a file ] , and select the signed vcenter certificate t the certificate contents should populate in the window select \[ upload ] the connection status column should now have a green checkmark and say connected the vcenter certificate and kms certificate columns should also show green checkmarks, with certificate validity dates in the future
Updated 03 Dec 2024
Did this page help you?
PREVIOUS
Register the CryptoHub as a Standard Key Provider in vCenter Server
NEXT
Encrypt VM and vSAN in vSphere
Docs powered by Archbee