Before you can use SDDC Manager to generate Microsoft Certificate Authority signed certificates for the SDDC components, verify that your environment fulfills the requirements for this process.

This design sets the Certificate Authority service on the Active Directory (AD) (root CA) server. Verify that your environment satisfies the following prerequisites for generating signed certificates for the components of the SDDC.

Certificate Generation Prerequisites for Your Active Directory

  • Use a hashing algorithm of SHA-256 or higher on the certificate authority.

  • Verify that relevant firewall ports relating to the Microsoft Certificate Authority and related services are open.

  • Verify that required the Active Directory service account is created.