You first set up a Microsoft Certificate Authority template on the Active Directory (AD) servers for the region. The template contains the certificate authority (CA) attributes for signing certificates for the SDDC components. After you create the template, you add it to the certificate templates of the Microsoft CA.

Procedure

  1. Log in to the Active Directory server using a Remote Desktop Protocol (RDP) client.
    1. Log in using the following credentials.

      Setting     Value
      User        Active Directory administrator
      Password    ad_admin_password

  2. Click Start > Run, enter certtmpl.msc, and click OK.
  3. In the Certificate Template Console, under Template Display Name, right-click Web Server and select Duplicate Template.
  4. In the Duplicate Template dialog box, leave Windows Server 2003 Enterprise selected for backward compatibility and click OK.
  5. In the Properties of New Template dialog box, click the General tab.
  6. In the Template display name text box, enter VMware.
  7. Click the Extensions tab and configure the following.
    1. Select Application Policies and click Edit.
    2. Select Server Authentication, click Remove, and click OK.
    3. If the Client Authentication policy is present, select it, click Remove, and click OK.
    4. Select Key Usage and click Edit.
    5. Select the Signature is proof of origin (nonrepudiation) check box.
    6. Leave the default for all other options.
    7. Click OK.
  8. Click the Subject Name tab, ensure that the Supply in the request option is selected, and click OK to save the template.
  9. Add the new template to the certificate templates of the Microsoft CA.
    1. Click Start > Run, enter certsrv.msc, and click OK.
    2. In the Certification Authority window, expand the left pane, right-click Certificate Templates, and select New > Certificate Template to Issue.
    3. In the Enable Certificate Templates dialog box, select VMware, and click OK.
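
To confirm the result of steps 7 through 9 without reopening the consoles, the following added PowerShell example (not part of the original procedure or of VMware's or Microsoft's tooling) reads the template object from Active Directory and reports the settings the procedure changes. It assumes the ActiveDirectory module is installed and that the template's CN is VMware, the same as its display name.

```powershell
# Added verification example (not VMware's or Microsoft's code).
# Assumption: the template CN equals the display name "VMware".
Import-Module ActiveDirectory

$templateName = 'VMware'
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

$props = 'pKIExtendedKeyUsage', 'msPKI-Certificate-Application-Policy',
         'pKIKeyUsage', 'msPKI-Certificate-Name-Flag'
$t = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
                  -LDAPFilter "(cn=$templateName)" -Properties $props
if (-not $t) { throw "Template '$templateName' not found under $pkiBase" }

# Step 7: Server Authentication and Client Authentication must be absent.
$policies = @(@($t.pKIExtendedKeyUsage) +
              @($t.'msPKI-Certificate-Application-Policy') | Where-Object { $_ })
$serverAuth = '1.3.6.1.5.5.7.3.1'
$clientAuth = '1.3.6.1.5.5.7.3.2'

# Step 7: nonRepudiation is bit 0x40 in the first key usage byte.
$keyUsage = [int]$t.pKIKeyUsage[0]

# Step 8: "Supply in the request" is flag 0x1 (CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT).
$nameFlag = [int]$t.'msPKI-Certificate-Name-Flag'

# Step 9: each issuing CA lists its templates in certificateTemplates.
$issuingCAs = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
                  -LDAPFilter '(objectClass=pKIEnrollmentService)' `
                  -Properties certificateTemplates |
              Where-Object { $_.certificateTemplates -contains $templateName }

[pscustomobject]@{
    Template           = $t.Name
    ServerAuthRemoved  = $policies -notcontains $serverAuth
    ClientAuthRemoved  = $policies -notcontains $clientAuth
    NonRepudiationSet  = ($keyUsage -band 0x40) -ne 0
    SubjectFromRequest = ($nameFlag -band 0x1) -ne 0
    IssuedByCAs        = @($issuingCAs | ForEach-Object { $_.Name })
}
```

All four Boolean fields should be True and IssuedByCAs should name the Microsoft CA. Because the template takes the subject from the request, the enrollment permissions on its Security tab are what limit who can obtain certificates from it, so review that ACL alongside this output.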