To ensure that Cloud Foundation can successfully pass authentication when replacing certificates, you must create the certificate service template with the proper basic authentication configuration through the IIS manager.


  1. Create a Microsoft Active Directory CA with the following features and settings.
    1. Navigate to Select server roles.
    2. Under Active Director Certificate Services, select Certification Authority and Certification Authority Web Enrollment.
    3. Under Web Server (IIS) > Web Server > Security, select Basic Authentication.
  2. Configure and issue a VMware Certificate Template for Machine SSL and Solution User certificates on this CA server.
  3. Configure the certificate service template and all sites (including default web site) for basic authentication.
    1. Access the IIS manager and navigate to Server > Sites > Default Web Site > CertSrv.
    2. Select the Authentication property in the IIS header.
    3. Select and enable Basic Authentication.
    4. Restart the site.

What to do next

Use this template when configuring the certificate authority in Configure a Microsoft Certificate Authority.