VMware – Create default SSL Template on Windows 2016 CA

Delivering trusted internal certificates is a good way to avoid certificate warnings when users connect to VMware solutions. This part describes the creation of a default certificate template that will be used on the VMware infrastructure we will deploy.

VMware provides a KB to do this:



Launch certtmpl.msc



Right-click the Web Server certificate template and select the option Duplicate Template.

Select the compatibility level of the Certification Authority and Certificate recipient.














On the “General” tab, define the display name and the name of the template that you will use. In my case, the template name and display name are both “vSphere 6.5”.













On the “Extensions” tab, select Application Policies and click on “Edit …”














Select Application policies and click “Remove”. Do the same for Client Authentication if needed.














Select “Key Usage” and click on “Edit”












Select “Signature is proof of origin (nonrepudiation)” and leave the other options as they are.












Select the “Subject Name” tab and verify that “Supply in the request” is checked.








The certificate template is created but not yet accessible.

Right-click the “Certificate Templates” folder and select New -> Certificate Template to Issue.







The template we created does not appear. We need to wait for the template to replicate to all domain controllers … or …

… or we can stop the service

… then start the service

And the vCenter 6.5 template is now available. Select it and click “OK”.






The configuration is complete. This certificate template is usable with vSphere 6.5, but not for VMCA as a subordinate CA.
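To confirm the settings made in the steps above, the following PowerShell reads the template back from Active Directory and checks whether the CA is issuing it. This is an added example, not part of the original post or the VMware KB; the function name Get-TemplateSettings is hypothetical, and the template name 'vSphere 6.5' is the one used on the “General” tab above.

```powershell
# Added example (not from the original post). Read-only audit of the template in AD.
# Assumption: the template is named 'vSphere 6.5' as in the post; pass your own name otherwise.
function Get-TemplateSettings {
    param([Parameter(Mandatory)][string]$Name)

    # Certificate templates are stored in the forest's Configuration partition.
    $config = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $base   = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$config"
    $search = New-Object System.DirectoryServices.DirectorySearcher($base)
    # Match either the template name (cn) or the display name from the General tab.
    $search.Filter = "(&(objectClass=pKICertificateTemplate)(|(cn=$Name)(displayName=$Name)))"
    $hit = $search.FindOne()
    if (-not $hit) { throw "Template '$Name' not found in AD (not created or not yet replicated)." }
    $p = $hit.Properties

    # pKIKeyUsage is a bit string; the first byte carries the flags tested below.
    $ku = [int]$p['pkikeyusage'][0][0]
    # msPKI-Certificate-Name-Flag bit 0x1 = subject is supplied in the request.
    $nameFlag = [int]$p['mspki-certificate-name-flag'][0]

    [pscustomobject]@{
        Name                = [string]$p['cn'][0]
        DigitalSignature    = [bool]($ku -band 0x80)
        NonRepudiation      = [bool]($ku -band 0x40)
        KeyEncipherment     = [bool]($ku -band 0x20)
        SubjectFromRequest  = [bool]($nameFlag -band 0x1)
        # OIDs of the remaining application policies; empty if all were removed.
        ApplicationPolicies = @($p['pkiextendedkeyusage'] | Where-Object { $_ })
    }
}

$t = Get-TemplateSettings -Name 'vSphere 6.5'
$t | Format-List

if (-not $t.NonRepudiation)     { Write-Warning 'Key Usage: nonrepudiation is not set.' }
if (-not $t.SubjectFromRequest) { Write-Warning 'Subject Name: "Supply in the request" is not set.' }

# On the CA itself: is the template published (listed under Certificate Templates)?
if (Get-Command Get-CATemplate -ErrorAction SilentlyContinue) {
    if (Get-CATemplate | Where-Object Name -eq $t.Name) { "Published on this CA: $($t.Name)" }
    else { Write-Warning "Template '$($t.Name)' exists in AD but is not issued by this CA yet." }
}
```

Run it from a domain-joined session; the last check only runs where the ADCSAdministration cmdlets are installed, which is normally the CA server.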


Let’s move on to the other parts …