Before you deploy the SDDC, you must configure a certificate authority and generate certificate files for the management products. According to this validated design you replace the default VMCA- or self-signed certificates of the SDDC management products with certificates that are signed by a Certificate Authority (CA) during deployment.
Use the Certificate Generation Utility CertGenVVD for automatic generation of Certificate Signing Requests (CSRs) and CA-signed certificate files for all VMware management products that are deployed in this validated design.
VMware Validated Design comes with the CertGenVVD utility that you can use to save time in creating signed certificates. The utility generates CSRs, OpenSSL CA-signed certificates, and Microsoft CA-signed certificates. See VMware Knowledge Base article 2146215.
If the CertGenVVD utility is not an option for deployment, follow the validated manual steps to create certificates.