Delivery of trusted internal certificates can be a good way to avoid warning when users connect to Vmware solutions. This part will describe the creation of a default template certificate that will use on the VMware Infrastructure that we will deploy.
Vmware provides a kb to do this :
Right click on Web Server certificate and select the option Duplicate Template
Select the compatibility level of the Certification Autority and Certificate recipient.
On the “General” tab, define the display name and the name of the template that you will use. In my case, default Template name and display name are : “vSphere 6.5”
On the “Extensions” tab, select Application Policies and click on “Edit …”
Select Application policies and click “Remove”. Do the same for Client Authentication if needed.
Select “Key Usage” and click on “Edit”
Select “Signature is proof of origin (nonrepudiation)” and leave the other option as origin.
Select “Subject Name” tab and validate that “Supply in the request” is checked.
The certificate template is created but no accessible.
Right click on “Certficate Template” folder and select New->Certificate Template fo Issue.
The certificate we created does not appear. We need to wait the replication about the template to all domain controllers … or …
… or we can stop the service
… then start the service
And the vCenter 6.5 template is available now … . Select it and click on “OK”
This configuration is realized. This certificate model is usable with vSphere 6.5 but not for VMCA as a Subordonate CA.
Let’s go on the other parts …