Before you use the Microsoft Certificate Authority and the pre-configured template, it is recommended that you configure least privilege access to Microsoft Active Directory Certificate Services by using an Active Directory user account as a restricted service account.
Procedure
- Log in to the Microsoft Certificate Authority server by using a Remote Desktop Protocol (RDP) client.

  | Setting | Value |
  |---|---|
  | FQDN | Active Directory Host |
  | User | Active Directory administrator |
  | Password | ad_admin_password |
- Configure least privilege access for a user account on the Microsoft Certificate Authority.
  - Click , enter certsrv.msc, and click OK.
  - Right-click the certificate authority server and click Properties.
  - Click the Security tab, and click Add.
  - Enter the name of the user account and click OK.
  - In the Permissions for .... section configure the permissions and click OK.

  | Setting | Value (Allow) |
  |---|---|
  | Read | Deselected |
  | Issue and Manage Certificates | Selected |
  | Manage CA | Deselected |
  | Request Certificates | Selected |
- Configure least privilege access for the user account on the Microsoft Certificate Authority Template.
  - Click , enter certtmpl.msc, and click OK.
  - Right-click the VMware template and click Properties.
  - Click the Security tab, and click Add.
  - Enter the svc-vcf-ca service account and click OK.
  - In the Permissions for .... section configure the permissions and click OK.

  | Setting | Value (Allow) |
  |---|---|
  | Full Control | Deselected |
  | Read | Selected |
  | Write | Deselected |
  | Enroll | Selected |
  | Autoenroll | Deselected |
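
To confirm afterwards that the template permissions match the table above, the following read-only PowerShell check can be run. It is an added example, not part of the original procedure or any vendor tooling, and it assumes that the RSAT ActiveDirectory module is available, that the template object's CN is "VMware", and that svc-vcf-ca is the account's sAMAccountName.

```powershell
# Added example: read-only audit of the template ACL for the service account.
# Assumptions: RSAT ActiveDirectory module is available, the template object's CN
# is "VMware", and svc-vcf-ca is the account's sAMAccountName.
Import-Module ActiveDirectory

$TemplateCn = 'VMware'      # assumed CN of the template from the procedure
$Account    = 'svc-vcf-ca'  # service account from the procedure

# Well-known extended-right GUIDs used on certificate templates
$EnrollGuid     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$AutoenrollGuid = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'

$configNc = (Get-ADRootDSE).configurationNamingContext
$dn  = "CN=$TemplateCn,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"
$sid = (Get-ADUser -Identity $Account).SID

# Allow ACEs (explicit and inherited) whose trustee is the account itself
$sidType = [System.Security.Principal.SecurityIdentifier]
$aces = (Get-Acl -Path "AD:\$dn").GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq $sid }

$R = [System.DirectoryServices.ActiveDirectoryRights]
$writeMask = [int]($R::WriteProperty -bor $R::WriteDacl -bor $R::WriteOwner)
$state = [ordered]@{ FullControl = $false; Read = $false; Write = $false
                     Enroll = $false; Autoenroll = $false }

foreach ($ace in $aces) {
    $bits = [int]$ace.ActiveDirectoryRights
    if (($bits -band [int]$R::GenericAll)  -eq [int]$R::GenericAll)  { $state.FullControl = $true }
    if (($bits -band [int]$R::GenericRead) -eq [int]$R::GenericRead) { $state.Read = $true }
    if (($bits -band $writeMask) -ne 0) { $state.Write = $true }
    if (($bits -band [int]$R::ExtendedRight) -ne 0) {
        # An empty ObjectType GUID means "all extended rights"
        $all = $ace.ObjectType -eq [guid]::Empty
        if ($all -or $ace.ObjectType -eq $EnrollGuid)     { $state.Enroll = $true }
        if ($all -or $ace.ObjectType -eq $AutoenrollGuid) { $state.Autoenroll = $true }
    }
}

# Expected per the table: only Read and Enroll allowed
$expected = @{ FullControl = $false; Read = $true; Write = $false
               Enroll = $true; Autoenroll = $false }
$drift = $state.Keys | Where-Object { $state[$_] -ne $expected[$_] }
[pscustomobject]$state
if ($drift) { Write-Warning "Deviates from the documented settings: $($drift -join ', ')" }
```

The check covers only ACEs whose trustee is the account itself; rights the account gains through group membership are not evaluated and need a separate review.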