You must set up a certificate template in the Microsoft Certificate Authority. The template contains the certificate authority attributes for signing certificates for the VMware Cloud Foundation components. After you create the template, you add it to the certificate templates of the Microsoft Certificate Authority.
Procedure
- Log in to the Active Directory server by using a Remote Desktop Protocol (RDP) client.
|
|
| FQDN |
Active Directory Host |
| User |
Active Directory administrator |
| Password |
ad_admin_password |
- Click , enter certtmpl.msc, and click OK.
- In the Certificate Template Console window, under Template Display Name, right-click Web Server and select Duplicate Template.
- In the Properties of New Template dialog box, click the Compatibility tab and configure the following values.
| Setting |
Value |
| Certification Authority |
Windows Server 2008 R2 |
| Certificate recipient |
Windows 7 / Server 2008 R2 |
- In the Properties of New Template dialog box, click the General tab and enter a name for example, VMware in the Template display name text box.
- In the Properties of New Template dialog box, click the Extensions tab and configure the following.
- Click Application Policies and click Edit.
- Click Server Authentication, click Remove, and click OK.
- Click Basic Constraints and click Edit.
- Click the Enable this extension check box and click OK.
- Click Key Usage and click Edit.
- Click the Signature is proof of origin (nonrepudiation) check box, leave the defaults for all other options and click OK.
- In the Properties of New Template dialog box, click the Subject Name tab, ensure that the Supply in the request option is selected, and click OK to save the template.
- Add the new template to the certificate templates of the Microsoft CA.
- Click , enter certsrv.msc, and click OK
- In the Certification Authority window, expand the left pane, right-click Certificate Templates, and select .
- In the Enable Certificate Templates dialog box, select VMware, and click OK.
