Configure a Microsoft Certificate Authority

Before you can generate and install certificates, you must configure a certificate authority (CA).

Prerequisites

Verify that the Microsoft Certificate Authority Server has the correct roles installed. See Install Microsoft Certificate Authority Roles.
Verify the Microsoft Certificate Authority Server has been configured for basic authentication. See Configure the Microsoft Certificate Authority for Basic Authentication.
Verify a valid certificate template has been configured on the Microsoft Certificate Authority. See Create and Add a Microsoft Certificate Authority Template.
Verify least privileged service account has been configured on the Microsoft Certificate Authority Server and Template. See Assign Certificate Management Privileges to the SDDC Manager Service Account.

Note: If the CA Web server and CA are on different machines, you must perform the steps mentioned in https://blogs.technet.microsoft.com/askds/2009/04/22/how-to-configure-the-windows-server-2008-ca-web-enrollment-proxy/ in addition to the following steps.

Navigate to Administration > Security > Certificate Management to open the Configure Certificate Authority page.

Click Edit and complete the following configuration settings.

Option	Description
Certificate Authority	Select the CA from the drop-down menu. The default is `Microsoft`.
CA Server URL	Specify the URL for the CA address server. This address must begin with `https://` and end with `certsrv`, for example `https://www.mymicrosoftca.com/certsrv`
Username	Provide a valid user name to enable access to the address server.
Password	Provide a valid password to enable access to the address server.
Template Name	Enter the certsrv template name. You must create this template in Microsoft Certificate Authority.

Click Save.
A dialog box appears, asking you to review and confirm the CA server certificate details.
Click Accept to complete the configuration.

The Microsoft CA is now available for use in generating and installing a certificate.