Establish trust between vCenter and ESKM

  1. Click TRUST in the “Make vCenter Trust KMS” window, and then click “MAKE KMS TRUST VCENTER”.

Make vCenter Trust KMS Dialog window

Steps to establish trust between vCenter and ESKM

  1. Navigate to Choose a method, select “New Certificate Signing Request (CSR)”, and click NEXT.

Method selection for trust establishment

  1. In “Submit CSR to KMS”, click COPY to copy the certificate request. Alternatively, click DOWNLOAD to download the certificate request.

Submit CSR to KMS dialog window

  1. Click on DONE.

  1. Go to ESKM and click on Security > Certificates & CAs > Local CAs.

  2. Select the CA, and then click Sign Request.

Local Certificate Authority List window

  1. Set “Certificate Purpose” to Client.

  2. Paste the certificate request generated by the client application into the certificate request field.

  3. Click Sign Request.

Sign Certificate Request window

CA Certificate Information window

  1. Note down the Common Name (CN) from the certificate information page and download the certificate.

  2. Open the Management Console of the ESKM and navigate to Security > Local Users & Groups > Local Users.

  3. At the bottom of the list, click Add.

  4. The Create Local User window appears.

  5. Create a KMIP local user in ESKM and provide the signed certificate content.

The “Username” must match the “Common Name (CN)” noted earlier.

Create Local User dialog window

Selected Local User
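
Before uploading the signed certificate to vCenter, the conditions set by the steps above can be checked locally with OpenSSL. This is an added example, not part of the original procedure or of ESKM or vCenter tooling; the file names, the CN `vcenter-kmip`, and reading the “Client” purpose as TLS client authentication are assumptions.

```shell
#!/bin/sh
# Added example: checks on the ESKM-signed certificate before uploading it to vCenter.
# Usage (file names are assumptions): check_kmip_client_cert signed.pem request.csr USERNAME

cert_cn() {  # print the subject Common Name of a PEM certificate
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= //p'
}

check_kmip_client_cert() {
  cert=$1; csr=$2; user=$3; rc=0
  cn=$(cert_cn "$cert")
  # The ESKM local user's Username must equal the certificate CN.
  if [ "$cn" != "$user" ]; then
    echo "FAIL: CN '$cn' does not match username '$user'"; rc=1
  fi
  # The certificate must carry the public key from the vCenter-generated CSR.
  if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
       "$(openssl req -in "$csr" -noout -pubkey)" ]; then
    echo "FAIL: certificate public key differs from the CSR"; rc=1
  fi
  # Assumption: purpose "Client" means usable for TLS client authentication.
  if ! openssl x509 -in "$cert" -noout -purpose | grep -q '^SSL client : Yes'; then
    echo "FAIL: certificate is not usable for TLS client authentication"; rc=1
  fi
  # Reject a certificate that has already expired.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "FAIL: certificate has expired"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: '$cn' is ready to upload"
  return "$rc"
}

# Constructed sample: throwaway CA and a CSR for CN=vcenter-kmip, signed for client auth.
make_constructed_sample() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vcenter-kmip" \
    -keyout "$d/vc.key" -out "$d/vc.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' >"$d/ext.cnf"
  openssl x509 -req -in "$d/vc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/vc.pem" 2>/dev/null
}
```

A non-zero exit status means at least one check failed; the FAIL lines say which.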

  1. Go to vCenter and click on Establish Trust > “Upload Signed CSR Certificate”.

Upload Signed Certificate Menu

  1. Click UPLOAD A FILE and select the downloaded certificate from ESKM.

Upload Signed CSR Certificate

  1. Click on UPLOAD to confirm trust.

  2. Confirm that the ESKM server is accessible and connected.

Completed trust establishment process

  1. Click EDIT in the Key Provider, then ADD KMS, to add another ESKM server to the existing cluster and allow failover.

  2. Enter the details to add a Key Management Server (ESKM).

Add Standard Key Provider for second ESKM

  1. Review the input information and click ADD.

  2. Click TRUST to make the vCenter trust KMS.

Make vCenter Trust KMS on second ESKM

  1. Confirm that both ESKM servers are accessible.

Completed trust establishment process on second ESKM

Following the procedure described above integrates ESKM with VMware. Follow the VMware policy guidelines to encrypt the VMs/vSAN.