If your organization plans to use a Microsoft Certificate Authority instead of an external third party certificate authority, you must set up the Microsoft Certificate Authority template on the Microsoft Certificate Authority servers. The template contains the certificate authority (CA) attributes for signing certificates for the Cloud Foundation solutions. After you create the new template, you add it to the certificate templates in the Microsoft Certificate Authority.

Setting up a Microsoft Certificate Authority template involves creating a template and then adding that template to the certificate templates of the Microsoft Certificate Authority.


  1. Log in to the Microsoft Certificate Authority server by using a Remote Desktop Protocol (RDP) client.
  2. Click Windows Start > Run, enter certtmpl.msc, and click OK.
  3. On the Certificate Template Console, under Template Display Name, right-click Web Server and click Duplicate Template.
  4. In the Properties of New Template dialog box, leave Windows Server 2003 selected for backward compatibility.
  5. Click the General tab.
  6. In the Template display name text box, enter VMware as the name of the new template.
  7. Click the Extensions tab and specify extensions information.
    1. Select Application Policies and click Edit.
    2. Select Server Authentication, click Remove, and click OK.
    3. Select Client Authentication, click Remove, and click OK.
      If Client Authentication does not appear in Application Policies, then you can skip this step.
    4. Select Key Usage and click Edit.
    5. Select the Signature is proof of origin (nonrepudiation) check box.
    6. Leave the default for all other options. Click OK
  8. Click the Subject Name tab, ensure that the Supply in the request option is selected, and click OK to save the template.
  9. To add the new template to your Microsoft Certificate Authority, click Windows Start > Run, enter certsrv.msc, and click OK
  10. In the Certification Authority window, expand the left pane if it is collapsed.
  11. Right-click Certificate Templates and select New > Certificate Template to Issue.
  12. In the Name column of the Enable Certificate Templates dialog box, select the VMware certificate that you created and click OK.