Re-establishing Trust between vCenter and KMS cluster after certificate replacement.

Article ID: 396741


Updated On:

Products

VMware vSphere Standard, VMware vSphere Foundation, VMware vSAN

Issue/Introduction

When a vSphere environment is configured to use a KMS cluster for encryption, trust must be re-established between vCenter and the remote KMS cluster after certificates are replaced, whether in the vSphere environment or on the KMS servers.

Environment

vSphere (All Versions)

vSAN (All Versions)

 

Resolution

After certificate replacement in the environment, perform the steps from the document "Establish a Standard Key Provider Trusted Connection by Exchanging Certificates" to re-establish trust between vCenter and the KMS cluster:

  • Navigate to the vCenter Server.
  • Click Configure and select Key Providers under Security.
  • Select the key provider. The KMS for the key provider is displayed.
  • Select the KMS.
  • From the Establish Trust drop-down menu, select Make KMS trust vCenter.
  • Select the option appropriate for your server and follow the steps.

Note: we provide 4 different options to ensure compatibility with different KMS servers. Consult with your KMS vendor to determine which option is specific to your server.

 

Additional Information

These steps apply specifically to a vSphere environment configured with an external KMS server. If the certificates are self-signed using the internal VMCA, re-establishing trust is not necessary; for certificate replacement in that case, see "Regenerate vSphere 6.x, 7.x, and 8.0 certificates using self-signed VMCA".