Configure a Microsoft Certificate Authority in SDDC Manager

You configure a connection between SDDC Manager and the Microsoft Certificate Authority by entering your service account credentials.

- Verify connectivity between SDDC Manager and the Microsoft Certificate Authority Server. See VMware Ports and Protocols.
- Verify that the Microsoft Certificate Authority Server has the correct roles installed on the same machine where the Certificate Authority role is installed. See Install Microsoft Certificate Authority Roles.
- Verify the Microsoft Certificate Authority Server has been configured for basic authentication. See Configure the Microsoft Certificate Authority for Basic Authentication.
- Verify a valid certificate template has been configured on the Microsoft Certificate Authority. See Create and Add a Microsoft Certificate Authority Template.
- Verify that a least privileged user account has been configured on the Microsoft Certificate Authority Server and Template. See Assign Certificate Management Privileges to the SDDC Manager Service Account.
- Verify that time is synchronized between the Microsoft Certificate Authority and the SDDC Manager appliance. Each system can be configured with a different time zone, but it is recommended that they receive their time from the same NTP source.
- In the navigation pane, click.
- Click Edit.
- Configure the settings and click Save.

  | Setting | Value |
  | --- | --- |
  | Certificate Authority | Microsoft |
  | CA Server URL | Specify the URL for the issuing certificate authority. This address must begin with https:// and end with certsrv. For example, https://ca.rainpole.io/certsrv. |
  | Username | Enter a least privileged service account. For example, svc-vcf-ca. |
  | Password | Enter the password for the least privileged service account. |
  | Template Name | Enter the issuing certificate template name. You must create this template in Microsoft Certificate Authority. For example, VMware. |

- In the CA Server Certificate Details dialog box, click Accept.
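
A preflight check for the values entered in this procedure, as an added example that is not part of the VMware documentation or of SDDC Manager. The function names, the 300-second skew tolerance and the idea of comparing the CA's HTTP Date header with the local clock are assumptions; the sample values are the page's examples plus a constructed Date header.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

MAX_SKEW_SECONDS = 300  # assumed tolerance; the page gives no figure


def check_ca_url(url):
    """Return problems with the CA Server URL; an empty list means it passes."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":  # basic authentication must travel over TLS
        problems.append("must begin with https://")
    if not parts.hostname:
        problems.append("no host name")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    if parts.query or parts.fragment or not parts.path.endswith("/certsrv"):
        problems.append("must end with certsrv")
    return problems


def clock_skew_seconds(date_header, local_now):
    """Absolute difference between the CA's HTTP Date header and local_now.

    local_now must be timezone-aware, so differing time zones do not matter.
    """
    ca_time = parsedate_to_datetime(date_header)
    return abs((ca_time - local_now).total_seconds())


def preflight(url, username, template, date_header, local_now):
    """Collect every problem instead of stopping at the first one."""
    problems = ["CA Server URL: " + p for p in check_ca_url(url)]
    if not username.strip():
        problems.append("Username: empty")
    if not template.strip():
        problems.append("Template Name: empty")
    skew = clock_skew_seconds(date_header, local_now)
    if skew > MAX_SKEW_SECONDS:
        problems.append(f"Time: clock skew of {skew:.0f}s against the CA")
    return problems


if __name__ == "__main__":
    # Constructed sample input: the page's example values and a made-up Date header.
    now = datetime(2025, 3, 4, 10, 2, 0, tzinfo=timezone.utc)
    header = "Tue, 04 Mar 2025 10:00:00 GMT"
    print(preflight("https://ca.rainpole.io/certsrv", "svc-vcf-ca", "VMware", header, now))
    print(preflight("http://ca.rainpole.io/certsrv/", "svc-vcf-ca", "", header, now))
```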