Before you use the Microsoft Certificate Authority and the pre-configured template, it is recommended that you configure least privilege access to Microsoft Active Directory Certificate Services by using an Active Directory user account as a restricted service account.
Procedure
- Log in to the Microsoft Certificate Authority server by using a Remote Desktop Protocol (RDP) client.

  | | |
  |---|---|
  | FQDN | Active Directory Host |
  | User | Active Directory administrator |
  | Password | ad_admin_password |

- Configure least privilege access for a user account on the Microsoft Certificate Authority.
  - Click , enter certsrv.msc, and click OK.
  - Right-click the certificate authority server and click Properties.
  - Click the Security tab, and click Add.
  - Enter the name of the user account and click OK.
  - In the Permissions for .... section configure the permissions and click OK.

    | Setting | Value (Allow) |
    |---|---|
    | Read | Deselected |
    | Issue and Manage Certificates | Selected |
    | Manage CA | Deselected |
    | Request Certificates | Selected |

- Configure least privilege access for the user account on the Microsoft Certificate Authority Template.
  - Click , enter certtmpl.msc, and click OK.
  - Right-click the VMware template and click Properties.
  - Click the Security tab, and click Add.
  - Enter the svc-vcf-ca service account and click OK.
  - In the Permissions for .... section configure the permissions and click OK.

    | Setting | Value (Allow) |
    |---|---|
    | Full Control | Deselected |
    | Read | Selected |
    | Write | Deselected |
    | Enroll | Selected |
    | Autoenroll | Deselected |
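
One way to check the result of the template step, as an added PowerShell example that is not part of the original procedure or of any VMware or Microsoft tooling. It assumes a domain-joined host, uses `VMware` as a placeholder for the template's CN, and evaluates only Allow entries that name `svc-vcf-ca` directly, not rights the account gains through group membership.

```powershell
# Added example: compare the service account's template ACL with the table above.
$Account      = 'svc-vcf-ca'   # service account from the procedure
$TemplateName = 'VMware'       # placeholder (assumption): replace with your template's CN

# Well-known extended-right GUIDs used on certificate templates
$EnrollGuid     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$AutoEnrollGuid = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'  # Certificate-AutoEnrollment

# Templates live in the forest's configuration partition
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$template = [ADSI]"LDAP://CN=$TemplateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$ADR      = [System.DirectoryServices.ActiveDirectoryRights]

# Explicit and inherited Allow ACEs that name the account directly
$aces = $template.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like "*\$Account" }

function Test-AnyRight($Mask) {
    # True if any ACE grants at least one bit of the mask
    [bool]($aces | Where-Object { $_.ActiveDirectoryRights -band $Mask })
}
function Test-ExtendedRight([guid]$Right) {
    # An ExtendedRight ACE with an empty ObjectType grants every extended right
    [bool]($aces | Where-Object {
        ($_.ActiveDirectoryRights -band $ADR::ExtendedRight) -and
        ($_.ObjectType -eq $Right -or $_.ObjectType -eq [guid]::Empty) })
}

$writeMask = $ADR::WriteProperty -bor $ADR::WriteDacl -bor $ADR::WriteOwner
$actual = [ordered]@{
    'Full Control' = [bool]($aces | Where-Object {
        ($_.ActiveDirectoryRights -band $ADR::GenericAll) -eq $ADR::GenericAll })
    'Read'         = Test-AnyRight ($ADR::ReadProperty)   # approximation of the GUI "Read" box
    'Write'        = Test-AnyRight $writeMask
    'Enroll'       = Test-ExtendedRight $EnrollGuid
    'Autoenroll'   = Test-ExtendedRight $AutoEnrollGuid
}
# Expected values taken from the template permissions table in this procedure
$expected = @{ 'Full Control' = $false; 'Read' = $true; 'Write' = $false
               'Enroll' = $true; 'Autoenroll' = $false }

foreach ($name in $actual.Keys) {
    $status = if ($actual[$name] -eq $expected[$name]) { 'OK' } else { 'MISMATCH' }
    '{0,-13} allowed={1,-5} expected={2,-5} {3}' -f $name, $actual[$name], $expected[$name], $status
}
```

A `MISMATCH` on Full Control, Write or Autoenroll means the account holds more than the procedure grants and the template ACL should be corrected in certtmpl.msc.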