To take advantage of the virtual machine encryption feature in VMware vSphere, the KMS Server and the vCenter Server must be properly configured to establish a connection.
Once the KMS Server has been installed and configured, the vCenter Server must be configured accordingly to establish trust with the KMS.
vSphere VMs encryption: KMS Server installation - pt.1
vSphere VMs encryption: setup vCenter Server - pt.2
vSphere VMs encryption: encrypt virtual machines - pt.3
Set up the vCenter Server
From the vSphere Web Client, right-click the vCenter Server and select Settings.
In the Configure tab, select the Key Management Servers option under More and click the Add KMS icon to add the previously configured KMS Server.
Specify the required parameters and click OK to save the configuration. Optionally, set User name to the user created during the KMS configuration.
Since it's the first KMS cluster configured, click Yes to set it as default.
Click the Trust button on the displayed certificate.
The KMS Server has been added. Note that the Connection Status is reported as Cannot establish a trust relationship.
The next step is to establish a trust relationship between the vCenter Server and the KMS Server. From the All Actions drop-down menu, select Establish trust with KMS.
Select the Upload certificate and private key option, then click OK.
The file username.pem downloaded from the KMS Server must be uploaded twice: once as the KMS certificate and once as the private key. For each of the two fields, click the Upload file button, select the username.pem file (VCSA.pem in the example) and click Upload file.
After selecting the file twice, click OK to upload the certificate.
When the certificate has been imported, the Connection Status is reported as Normal.
The trust between the KMS Server and the vCenter Server has been established successfully. Part 3 will cover the final step of the procedure: the encryption of the virtual machines.
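A pre-flight check for the upload step above, as an added example that is not part of the original article: it assumes, as uploading the same file for both fields implies, that username.pem bundles a PEM certificate and a PEM private key. The function names and the sample data are constructed for illustration.

```python
import base64
import re

# A PEM block: matching BEGIN/END labels around optional headers and a base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def inspect_pem_bundle(text):
    """Count the certificate and private-key blocks in a PEM file's text."""
    result = {"certificates": 0, "private_keys": 0, "encrypted_key": False, "malformed": []}
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys carry headers such as "Proc-Type: 4,ENCRYPTED".
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except ValueError:
            result["malformed"].append(label)
            continue
        if label == "CERTIFICATE":
            result["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            result["private_keys"] += 1
            if label.startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in headers):
                result["encrypted_key"] = True
    return result


def usable_for_both_uploads(text):
    """True when one file can serve as both the certificate and the private key."""
    r = inspect_pem_bundle(text)
    return r["certificates"] >= 1 and r["private_keys"] >= 1 and not r["malformed"]


def make_sample_block(label, raw):
    # Helper for the constructed samples below; real files come from the KMS Server.
    return f"-----BEGIN {label}-----\n{base64.b64encode(raw).decode()}\n-----END {label}-----\n"


# Constructed sample data: the payloads are placeholder bytes, not real key material.
SAMPLE_BUNDLE = make_sample_block("CERTIFICATE", b"constructed cert") + make_sample_block("PRIVATE KEY", b"constructed key")
SAMPLE_CERT_ONLY = make_sample_block("CERTIFICATE", b"constructed cert")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BUNDLE
    print(inspect_pem_bundle(data), "usable:", usable_for_both_uploads(data))
```

Because the file holds the private key that vCenter presents to the KMS, keep it readable only by the administrator performing the upload.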