Replace the self-signed certificates with signed certificates from the Microsoft Certificate Authority by using SDDC Manager.
Procedure
- In the navigation pane, click .
- On the Workload Domains page, click View Details.
- Click a workload domain name and then click the Security tab.
- Generate CSR files for the target components.
- From the table, select the check box for the resource type for which you want to generate a CSR.
- Click Generate CSR.
- Configure the settings and click Generate CSR.
Option
Description
Algorithm
Select the key algorithm for the certificate.
Key Size
Select the key size (2048 bit, 3072 bit, or 4096 bit) from the drop-down menu.
Email
Optionally, enter a contact email address.
Organizational Unit
Use this field to differentiate between divisions within your organization with which this certificate is associated.
Organization
Type the name under which your company is known. The listed organization must be the legal registrant of the domain name in the certificate request.
Locality
Type the city or locality where your company is legally registered.
State
Type the full name (do not abbreviate) of the state, province, region, or territory where your company is legally registered.
Country
Type the country name where your company is legally registered. This value must use the ISO 3166 country code.
- Generate signed certificates for each component.
- From the table, select the check box for the resource type for which you want to generate a signed certificate for.
- Click Generate Signed Certificates.
- In the Generate Certificates dialog box, from the Select Certificate Authority drop-down menu, select Microsoft.
- Click Generate Certificates.
- Install the generated signed certificates for each component.
- From the table, select the check box for the resource type for which you want to install a signed certificate.
- Click Install Certificates.
