Install the Certificate Authority and Certificate Authority Web Enrollment roles on the Microsoft Certificate Authority server to facilitate certificate generation from SDDC Manager.


When connecting SDDC Manager to Microsoft Active Directory Certificate Services, ensure that the Web Enrollment role is installed on the same machine as the Certificate Authority role. SDDC Manager can't request and sign certificates automatically if the two roles (Certificate Authority and Web Enrollment) are installed on different machines.


  1. Log in to the Microsoft Certificate Authority server by using a Remote Desktop Protocol (RDP) client.


    Active Directory Host


    Active Directory administrator



  2. Add roles to Microsoft Certificate Authority server.
    1. Click Start > Run, enter ServerManager, and click OK.
    2. From the Dashboard, click Add roles and features to start the Add Roles and Features wizard.
    3. On the Before you begin page, click Next.
    4. On the Select installation type page, click Next.
    5. On the Select destination server page, click Next.
    6. On the Select server roles page, under Active Directory Certificate Services, select Certification Authority and Certification Authority Web Enrollment and click Next.
    7. On the Select features page, click Next.
    8. On the Confirm installation selections page, click Install.
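
The same role selection can be scripted and then verified on the one machine, which is the co-location requirement stated above. This PowerShell script is an added example, not part of the original procedure. It assumes an elevated PowerShell session on the Certificate Authority server and uses the Windows Server feature names `ADCS-Cert-Authority` and `ADCS-Web-Enrollment`; the helper function `Get-MissingRoleService` is hypothetical and defined in the script.

```powershell
#Requires -RunAsAdministrator
# Added example: installs the two AD CS role services selected in the wizard
# on the local server, then confirms both are present on this same machine.
Import-Module ServerManager

$roleServices = @(
    'ADCS-Cert-Authority',   # Certification Authority
    'ADCS-Web-Enrollment'    # Certification Authority Web Enrollment
)

# Hypothetical helper: returns the names of role services not yet installed locally.
function Get-MissingRoleService {
    param([string[]]$Name)
    Get-WindowsFeature -Name $Name |
        Where-Object { -not $_.Installed } |
        Select-Object -ExpandProperty Name
}

$missing = @(Get-MissingRoleService -Name $roleServices)

if ($missing.Count -gt 0) {
    Write-Host ('Installing on {0}: {1}' -f $env:COMPUTERNAME, ($missing -join ', '))
    $result = Install-WindowsFeature -Name $missing -IncludeManagementTools

    if (-not $result.Success) {
        throw "Role installation failed with exit code $($result.ExitCode)."
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'A restart is required to finish installing the role services.'
    }
}

# Re-check after installation: both role services must be on this one server.
$stillMissing = @(Get-MissingRoleService -Name $roleServices)
if ($stillMissing.Count -gt 0) {
    throw ('Not installed on {0}: {1}' -f $env:COMPUTERNAME, ($stillMissing -join ', '))
}

Get-WindowsFeature -Name $roleServices |
    Format-Table DisplayName, Name, InstallState -AutoSize
```

Like the wizard steps above, the script only adds the role services; it does not configure them.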