You configure a connection between SDDC Manager and the Microsoft Certificate Authority by entering your service account credentials.
- Verify connectivity between SDDC Manager and the Microsoft Certificate Authority Server. See VMware Ports and Protocols.
- Verify that the Microsoft Certificate Authority Server has the correct roles installed on the same machine where the Certificate Authority role is installed. See Install Microsoft Certificate Authority Roles.
- Verify the Microsoft Certificate Authority Server has been configured for basic authentication. See Configure the Microsoft Certificate Authority for Basic Authentication.
- Verify a valid certificate template has been configured on the Microsoft Certificate Authority. See Create and Add a Microsoft Certificate Authority Template.
- Verify least privileged user account has been configured on the Microsoft Certificate Authority Server and Template. See Assign Certificate Management Privileges to the SDDC Manager Service Account.
- Verify that time is synchronized between the Microsoft Certificate Authority and the SDDC Manager appliance. Each system can be configured with a different timezone, but it is recommended that they receive their time from the same NTP source.
- In the navigation pane, click .
- Click Edit.
- Configure the settings and click Save.
CA Server URL
Specify the URL for the issuing certificate authority.
This address must begin with https:// and end with certsrv. For example, https://ca.rainpole.io/certsrv.
Enter a least privileged service account. For example, svc-vcf-ca.
Enter the password for the least privileged service account.
Enter the issuing certificate template name. You must create this template in Microsoft Certificate Authority. For example, VMware.
- In the CA Server Certificate Details dialog box, click Accept.