Assign Certificate Management Privileges to the SDDC Manager Service Account
Before you use the Microsoft Certificate Authority and the pre-configured template, configure least-privilege access to Active Directory Certificate Services by using a dedicated, restricted Active Directory user account as the service account. The account is granted only the rights needed to request and manage certificates; it is not given Manage CA rights on the certificate authority or write access to the template.
- Create a user account in Active Directory with Domain Users membership. For example, svc-vcf-ca.
- Log in to the Microsoft Certificate Authority server by using a Remote Desktop Protocol (RDP) client.

  | Setting | Value |
  |---|---|
  | FQDN | Active Directory Host |
  | User | Active Directory administrator |
  | Password | ad_admin_password |
- Configure least-privilege access for the user account on the Microsoft Certificate Authority.
  - Click Start, enter certsrv.msc, and click OK.
  - Right-click the certificate authority server and click Properties.
  - Click the Security tab, and click Add.
  - Enter the name of the user account and click OK.
  - In the Permissions for .... section, configure the following permissions and click OK.

    | Setting | Value (Allow) |
    |---|---|
    | Read | Deselected |
    | Issue and Manage Certificates | Selected |
    | Manage CA | Deselected |
    | Request Certificates | Selected |
- Configure least-privilege access for the user account on the Microsoft Certificate Authority template.
  - Click Start, enter certtmpl.msc, and click OK.
  - Right-click the VMware template and click Properties.
  - Click the Security tab, and click Add.
  - Enter the svc-vcf-ca service account and click OK.
  - In the Permissions for .... section, configure the following permissions and click OK.

    | Setting | Value (Allow) |
    |---|---|
    | Full Control | Deselected |
    | Read | Selected |
    | Write | Deselected |
    | Enroll | Selected |
    | Autoenroll | Deselected |
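The template permissions above are set through the GUI, so it is easy for a later change to drift from the baseline (for example, someone ticking Write or Autoenroll). The following PowerShell script is an added example, not part of the VMware documentation, that reads the template's ACL from the Configuration partition of Active Directory and reports whether the service account holds exactly Read and Enroll with Full Control, Write and Autoenroll absent. It assumes the ActiveDirectory RSAT module is installed, that the template's CN in AD is `VMware` (a placeholder; substitute the real template name), and that the service account is `EXAMPLE\svc-vcf-ca` (the domain prefix is a placeholder). The Enroll and Autoenroll extended-right GUIDs are the well-known Active Directory values.

```powershell
<#
  Added example (not VMware's code): audit the certificate template ACL and
  compare the service account's rights against the least-privilege baseline
  from the procedure: Read + Enroll allowed; Full Control, Write, Autoenroll not.
  Assumptions / placeholders:
    - ActiveDirectory module available; run as a user that can read the
      Configuration naming context (any domain user normally can).
    - $TemplateName is the CN of the template object in AD (assumed 'VMware').
    - $ServiceAccount is the NT account name (domain prefix is a placeholder).
#>
param(
    [string]$TemplateName   = 'VMware',             # assumed template CN
    [string]$ServiceAccount = 'EXAMPLE\svc-vcf-ca'  # placeholder domain prefix
)

Import-Module ActiveDirectory

# Well-known extended-right GUIDs for certificate templates
$EnrollGuid     = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$AutoenrollGuid = [Guid]'a05b8cc2-17bc-11d2-b73c-00c04fb9a4d6'

function Get-TemplateAccountRights {
    param([string]$Template, [string]$Account)

    # Templates live under CN=Certificate Templates in the Configuration partition
    $configNC   = (Get-ADRootDSE).configurationNamingContext
    $templateDN = "CN=$Template,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

    $acl  = Get-Acl -Path "AD:\$templateDN"
    # Only Allow ACEs granted directly to the service account are considered;
    # rights inherited via group membership are out of scope for this check.
    $aces = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -ieq $Account
    })

    $rights = [System.DirectoryServices.ActiveDirectoryRights]
    $result = [ordered]@{
        'Full Control' = $false
        'Read'         = $false
        'Write'        = $false
        'Enroll'       = $false
        'Autoenroll'   = $false
    }

    foreach ($ace in $aces) {
        $r = $ace.ActiveDirectoryRights
        if ($r.HasFlag($rights::GenericAll))  { $result['Full Control'] = $true }
        if ($r.HasFlag($rights::GenericRead)) { $result['Read'] = $true }
        # Any write-class right counts as "Write" for the purpose of this audit
        $writeMask = $rights::GenericWrite -bor $rights::WriteDacl -bor $rights::WriteOwner
        if (($r -band $writeMask) -ne 0) { $result['Write'] = $true }

        if ($r.HasFlag($rights::ExtendedRight)) {
            # An ExtendedRight ACE with an empty ObjectType grants ALL extended
            # rights, which includes both Enroll and Autoenroll.
            if ($ace.ObjectType -eq [Guid]::Empty) {
                $result['Enroll'] = $true; $result['Autoenroll'] = $true
            }
            if ($ace.ObjectType -eq $EnrollGuid)     { $result['Enroll']     = $true }
            if ($ace.ObjectType -eq $AutoenrollGuid) { $result['Autoenroll'] = $true }
        }
    }
    return $result
}

# Baseline from the procedure's permissions table
$expected = [ordered]@{
    'Full Control' = $false
    'Read'         = $true
    'Write'        = $false
    'Enroll'       = $true
    'Autoenroll'   = $false
}

$actual = Get-TemplateAccountRights -Template $TemplateName -Account $ServiceAccount
$ok = $true
foreach ($k in $expected.Keys) {
    $status = if ($actual[$k] -eq $expected[$k]) { 'OK' } else { $ok = $false; 'MISMATCH' }
    '{0,-13} expected={1,-5} actual={2,-5} {3}' -f $k, $expected[$k], $actual[$k], $status
}
if ($ok) {
    "Template '$TemplateName': ACL for $ServiceAccount matches the least-privilege baseline."
} else {
    Write-Warning "Template '$TemplateName': ACL for $ServiceAccount deviates from the baseline."
}
```

Run it from a domain-joined host with RSAT as `.\Audit-TemplateAcl.ps1 -TemplateName 'VMware' -ServiceAccount 'EXAMPLE\svc-vcf-ca'`. The check deliberately treats an ExtendedRight ACE with no object type as granting both Enroll and Autoenroll, because that is how Active Directory interprets it; a Full Control ACE likewise lights up every row, so either condition is reported as a deviation rather than silently passing.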