Configure a Microsoft Certificate Authority in SDDC Manager

You configure a connection between SDDC Manager and a Microsoft Certificate Authority by entering your service account credentials.

Prerequisites

Verify connectivity between SDDC Manager and the Microsoft Certificate Authority Server. See VMware Ports and Protocols.
Verify that the Microsoft Certificate Authority Server has the correct roles installed on the same machine where the Certificate Authority role is installed. See Install Microsoft Certificate Authority Roles.
Verify the Microsoft Certificate Authority Server has been configured for basic authentication. See Configure the Microsoft Certificate Authority for Basic Authentication.
Verify a valid certificate template has been configured on the Microsoft Certificate Authority. See Create and Add a Microsoft Certificate Authority Template.
Verify least privileged user account has been configured on the Microsoft Certificate Authority Server and Template. See Assign Certificate Management Privileges to the SDDC Manager Service Account.
Verify that time is synchronized between the Microsoft Certificate Authority and the SDDC Manager appliance. Each system can be configured with a different timezone, but it is recommended that they receive their time from the same NTP source.

Configure the settings and click Save.


Setting	Value
Certificate Authority Type	Microsoft
CA Server URL	Specify the URL for the issuing certificate authority. This address must begin with https:// and end with certsrv. For example, https://ca.rainpole.io/certsrv.
User Name	Enter a least privileged service account. For example, svc-vcf-ca.
Password	Enter the password for the least privileged service account.
Template Name	Enter the issuing certificate template name. You must create this template in Microsoft Certificate Authority. For example, VMware.