Before you generate MSCA signed certificates for the SDDC components, verify that your environment fulfills the requirements for this process.

This VMware Validated Design sets up the Certificate Authority service on the Active Directory (AD) server dc01rpl.rainpole.local (root CA). Verify that your environment satisfies the following prerequisites for generating signed certificates for the components of the SDDC.

Certificate Generation Prerequisites

Prerequisite Value
Active Directory
  • Verify that the Certificate Authority Service role and the Certificate Authority Web Enrollment role are installed and configured on the Active Directory Server.
  • Verify that a new Microsoft Certificate Authority template is created and enabled.
  • Use a hashing algorithm of SHA-256 or higher on the certificate authority.
  • Verify that the firewall ports required by the Microsoft Certificate Authority and related services are open.
Windows Host
  • Ensure the Windows host system where you connect to the data center and generate the certificates is joined to the domain of the Microsoft Certificate Authority.
  • Install Java Runtime Environment version 1.8 or later.
  • Configure the JAVA_HOME environment variable to the Java installation directory.
  • Update the PATH system variable to include the bin folder of the Java installation directory.
  • Install the OpenSSL toolkit version 1.0.2 for Windows.
  • Update the PATH system variable to include the bin folder of the OpenSSL installation directory.
Software Features
  • Fill in the Deployment Parameters XLS file for Region A. See Deployment Specification in the VMware Validated Design Planning and Preparation documentation.
Installation Packages
  • Download the Certificate Generation Utility file from VMware Knowledge Base article 2146215 and extract the ZIP file to the C: drive.
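
The Windows Host prerequisites above can be checked in one pass before you run the utility. The following PowerShell script is an added example, not part of the VMware documentation or the Certificate Generation Utility. It assumes it runs on the Windows host itself and that the expected domain is rainpole.local, inferred from the CA host name dc01rpl.rainpole.local.

```powershell
# Added example: checks the Windows Host prerequisites listed in the table above.
# Assumption: $ExpectedDomain is inferred from the CA host name dc01rpl.rainpole.local.
param([string]$ExpectedDomain = 'rainpole.local')

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
}

# The host must be joined to the domain of the Microsoft Certificate Authority.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Result 'Domain joined' ($cs.PartOfDomain -and $cs.Domain -ieq $ExpectedDomain) $cs.Domain

# JAVA_HOME must point at a Java installation directory that contains bin\java.exe.
$javaHome = $env:JAVA_HOME
$javaBin  = if ($javaHome) { Join-Path $javaHome 'bin' } else { $null }
$homeOk   = [bool]($javaBin -and (Test-Path (Join-Path $javaBin 'java.exe')))
Add-Result 'JAVA_HOME set' $homeOk "$javaHome"

# PATH must include the bin folder of that same Java installation.
$pathDirs = $env:PATH -split ';' | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
$binOnPath = [bool]($javaBin -and ($pathDirs -contains $javaBin.TrimEnd('\')))
Add-Result 'Java bin on PATH' $binOnPath "$javaBin"

# "java -version" writes to stderr, so run it through cmd to capture the text safely.
$javaOut = ''
if (Get-Command java.exe -ErrorAction SilentlyContinue) {
    $javaOut = cmd /c 'java -version 2>&1' | Out-String
}
$javaOk = $false
if ($javaOut -match 'version "(\d+)(?:\.(\d+))?') {
    # Handles both the legacy "1.8.0_x" scheme and the newer "11.0.x" scheme.
    $major = [int]$Matches[1]; $minor = [int]$Matches[2]
    $javaOk = ($major -gt 1) -or ($major -eq 1 -and $minor -ge 8)
}
Add-Result 'Java 1.8 or later' $javaOk (($javaOut.Trim() -split "`r?`n")[0])

# The OpenSSL found first on PATH must be a 1.0.2 build.
$sslOut = ''
if (Get-Command openssl.exe -ErrorAction SilentlyContinue) {
    $sslOut = (& openssl.exe version | Out-String).Trim()
}
Add-Result 'OpenSSL 1.0.2' ($sslOut -match '^OpenSSL 1\.0\.2') $sslOut

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { exit 1 }
```

A failed OpenSSL check with a non-empty Detail column usually means another OpenSSL build appears earlier on PATH than the 1.0.2 installation.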