Adding KMS Server - User Guide for VMware vSphere (2024)
To add a KMS server, do the following:
From the main menu, select Credentials and Passwords > Key Management Servers.
In the Key Management Servers window, click Add.
In the Server field, specify the FQDN, IPv4 or IPv6 address of the server. By default, the port number 5696 is used.
In the Server certificate field, click Browse and specify a KMS server certificate. You can select one of the following options:
Select an existing certificate from the certificate store. You can specify a KMS server certificate if it is located in the Microsoft Windows certificate store.
Import certificate from a file. You can import a KMS server certificate from a file in the PFX, CER, or PEM format.
Note
If you use a server certificate in the PEM format, it must contain the -----BEGIN CERTIFICATE----- header at the beginning of the file and the -----END CERTIFICATE----- footer at the end of the file.
For more information about requirements that a server certificate must meet, see KMS Certificates.
In the Client certificate field, click Browse and specify the client certificate issued by the KMS administrator for VeeamBackup&Replication. You can select one of the following options:
Select an existing certificate from the certificate store. You can specify a client certificate issued by the KMS administrator for VeeamBackup&Replication if it is located in the Microsoft Windows certificate store.
Import certificate from a file. You can import a client certificate from a file in the PFX format.
Note
If you use a PEM-encoded file, select the Import certificate from a PEM file option.
Import certificate from a PEM file. You can import a client certificate from a PEM-encoded file. Consider the following:
You must have two separate PEM files for the certificate and private key.
The certificate must contain the -----BEGIN CERTIFICATE----- header at the beginning of the file and the -----END CERTIFICATE----- footer at the end of the file.
The private key must be in the PKCS#1 format. Also, it must contain the -----BEGIN RSA PRIVATE KEY----- header at the beginning of the file and the -----END RSA PRIVATE KEY----- footer at the end of the file.
For more information about requirements that a client certificate must meet, see KMS Certificates.
[Optional] In the Description field, provide the description for future reference.
Browse the inventory list and select the vCenter Server instance. Click Configure and click Key Management Servers. Click Add, specify the KMS information in the wizard, and click Add. Select Create new cluster for a new cluster.
Browse the inventory list and select the vCenter Server instance. Click Configure and click Key Management Servers. Click Add, specify the KMS information in the wizard, and click Add. Select Create new cluster for a new cluster.
Log in to the VMware Cloud Console at https://vmc.vmware.com. ) at the top right of the window, and select Identity & Access Management. You see a list of all the users currently in your Organization. Click Add Users.
Browse to Administration > Access > SSO Users and Groups in the vSphere Web Client.Type a user name and password for the new user. You cannot change the user name after you create a user. The password must meet the password policy requirements for the system.
Log in to the host using the vSphere Client, using the root userid. Click the Local Users & Groups tab and click Users. Right-click anywhere in the Users table and click Add to open the Add New User dialog. Enter a login name, a user name, and a password.
Navigate to the vCenter Server system.Click the Configure tab and click Key Management Servers under More.Select the cluster and click Set KMS cluster as default. Do not select the server.
Go to Control Panel > System and Security > Windows Firewall (or Windows Defender Firewall). Select Allow an app or feature through Windows Firewall. Select Change Settings, check Key Management Service, and select OK.
Address: 743 Stoltenberg Center, Genovevaville, NJ 59925-3119
Phone: +2202978377583
Job: Administration Engineer
Hobby: Surfing, Sailing, Listening to music, Web surfing, Kitesurfing, Geocaching, Backpacking
Introduction: My name is Rubie Ullrich, I am a enthusiastic, perfect, tender, vivacious, talented, famous, delightful person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.