(Optional) You first set up a Microsoft Certificate Authority template on the Active Directory (AD) servers for the region. The template contains the certificate authority (CA) attributes for signing certificates for the SDDC components. After you create the template, you add it to the certificate templates of the Microsoft CA.

You create and configure the VMware certificate authority template to generate and sign the certificates for the management components in Region A. If the VMware certificate authority template exists and is added to the certificate templates of the Microsoft CA, you can skip this procedure.


  1. Log in to the Active Directory server using a Remote Desktop Protocol (RDP) client.
    1. Log in using the following credentials.

      Active Directory administrator
  2. Click Start > Run, enter certtmpl.msc, and click OK.
  3. In the Certificate Template Console, under Template Display Name, right-click Web Server and select Duplicate Template.
  4. In the Duplicate Template dialog box, leave Windows Server 2003 Enterprise selected for backward compatibility and click OK.
  5. In the Properties of New Template dialog box, click the General tab.
  6. In the Template display name text box, enter VMware.
  7. Click the Extensions tab and configure the following.
    1. Select Application Policies and click Edit.
    2. Select Server Authentication, click Remove, and click OK.
    3. If the Client Authentication policy is present, select it, click Remove, and click OK.
    4. Select Key Usage and click Edit.
    5. Select the Signature is proof of origin (nonrepudiation) check box.
    6. Leave the default for all other options.
    7. Click OK.
  8. Click the Subject Name tab, ensure that the Supply in the request option is selected, and click OK to save the template.
  9. Add the new template to the certificate templates of the Microsoft CA.
    1. Click Start > Run, enter certsrv.msc, and click OK.
    2. In the Certification Authority window, expand the left pane, right-click Certificate Templates, and select New > Certificate Template to Issue.
    3. In the Enable Certificate Templates dialog box, select VMware, and click OK.
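
After completing the procedure, you can confirm the result from PowerShell. The following script is an added example, not part of the original procedure or of VMware's tooling: it reads the template from Active Directory and reports the settings configured in steps 7 to 9, together with the principals that hold Enroll rights, which matters because the template accepts a subject name supplied in the request. It assumes a domain-joined host, read access to the AD Configuration partition, and that the template was saved with the display name VMware.

```powershell
# Added verification example (not from the original procedure).
# Assumes: domain-joined host, read access to the Configuration partition,
# and the display name 'VMware' entered in step 6.
$displayName = 'VMware'
$enrollGuid  = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment extended right
$configNC    = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pkiBase     = "CN=Public Key Services,CN=Services,$configNC"

# Locate the template object by its display name.
$s = [ADSISearcher]"(&(objectClass=pKICertificateTemplate)(displayName=$displayName))"
$s.SearchRoot = [ADSI]"LDAP://CN=Certificate Templates,$pkiBase"
$hit = $s.FindOne()
if (-not $hit) { throw "Template '$displayName' was not found in Active Directory." }
$p  = $hit.Properties
$cn = [string]$p['cn'][0]

# Step 8: 'Supply in the request' is bit 0x1 of msPKI-Certificate-Name-Flag.
$suppliesSubject = [bool]([int]$p['mspki-certificate-name-flag'][0] -band 0x1)

# Step 7: nonrepudiation is bit 0x40 of the first key usage byte.
$kuByte         = ([byte[]]$p['pkikeyusage'][0])[0]
$nonRepudiation = [bool]($kuByte -band 0x40)

# Step 7: application policies (EKU OIDs) that remain on the template.
$ekus = @($p['pkiextendedkeyusage'] | Where-Object { $_ })

# Step 9: enterprise CAs that list the template as available to issue.
$ca = [ADSISearcher]"(&(objectClass=pKIEnrollmentService)(certificateTemplates=$cn))"
$ca.SearchRoot = [ADSI]"LDAP://CN=Enrollment Services,$pkiBase"
$publishedOn = @($ca.FindAll() | ForEach-Object { [string]$_.Properties['cn'][0] })

# Principals allowed to enroll: Enroll right, or all extended rights (empty GUID).
$extRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$rules = $hit.GetDirectoryEntry().psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])
$enrollers = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extRight) -and
    ($_.ObjectType -eq $enrollGuid -or $_.ObjectType -eq [guid]::Empty)
} | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

[pscustomobject]@{
    Template                 = $cn
    SubjectSuppliedInRequest = $suppliesSubject
    NonRepudiationKeyUsage   = $nonRepudiation
    ApplicationPolicyOIDs    = if ($ekus) { $ekus -join ', ' } else { '(none)' }
    PublishedOnCA            = if ($publishedOn) { $publishedOn -join ', ' } else { '(not published)' }
    EnrollPrincipals         = $enrollers -join ', '
} | Format-List
```

Review the EnrollPrincipals value and limit it to the accounts that request certificates for the SDDC management components.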