Before you deploy the SDDC, you must configure a certificate authority and generate certificate files for the management products. According to this validated design you replace the default VMCA- or self-signed certificates of the SDDC management products with certificates that are signed by a Certificate Authority (CA) during deployment.

Use the Certificate Generation Utility CertGenVVD for automatic generation of Certificate Signing Requests (CSRs) and CA-signed certificate files for all VMware management products that are deployed in this validated design.  

VMware Validated Design comes with the CertGenVVD utility that you can use to save time in creating signed certificates. The utility generates CSRs, OpenSSL CA-signed certificates, and Microsoft CA-signed certificates. See VMware Knowledge Base article 2146215.

If the CertGenVVD utility is not an option for deployment, follow the validated manual steps to create certificates. 

1

You create a Microsoft Certificate Authority Template to contain the certificate authority (CA) attributes for signing certificates of VMware SDDC solution.

2

Use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates that are signed by the Microsoft certificate authority (MSCA) for all management product with a single operation.

3

When you replace the default certificates of the SDDC management products, you can manually generate certificate files that are signed by the intermediate Certificate Authority (CA). You have set up the Certificate Authority earlier on the Active Directory server.