Without a CA, you will see that annoying warning each time you connect to vCenter, VCD, ESXi or vRealize telling you that your connection is insecure. Having their certificates signed by a CA that your clients trust removes the need to accept that warning every time you open a web session to a VMware product. I am going to install the CA on my existing AD server, but in production you should always run this role in a separate VM.
1- Open Server Manager and select Add Roles and Features.
2- Click Next to continue.
3- Select role-based installation and click Next.
4- Highlight the server on which we wish to install the CA role.
5- Under Server Roles, select Active Directory Certificate Services.
Click Add Features to continue.
6- Once the features are added, you will see the option ticked as shown.
7- Click Next to proceed.
8- Click Next to proceed.
9- Under Role Services, select Certification Authority and also Certification Authority Web Enrollment, then click Next.
10- Click Next.
11- Click Next to continue.
12- Review and click Install.
13- Select Restart the destination server and click Install.
14- This will now take a few minutes.
15- Once the AD CS role is installed, the results show its state; we then need to do the post-install configuration.
16- In the Server Manager dashboard, choose Configure CA.
17- We now need to complete a few more post-deployment tasks for the CA to work.
18- Select Certification Authority and Web Enrollment.
19- Keep the default options and click Next.
20- Tick Certification Authority and Certificate Enrollment Web Service.
21- Choose Enterprise CA, as our server is joined to the domain.
22- Deploy a Root CA. A Subordinate CA is chosen when you already have a Root CA elsewhere that this new server can be made subordinate to.
23- Create a new private key for our CA.
24- Choose the key length and click Next to continue.
25- Give the CA a name and click Next.
26- For a lab, choose something like 5 years and click Next.
27- Click Next to continue.
28- Click Configure to finish the post-configuration process.
29- Finally, we have a CA server ready for use.
30- Launch Certification Authority from Tools – Certification Manager to view the list of certificates the CA has issued.
31- Validate that web enrollment works.
Exporting the Root CA Certificate
Step 1. Right-click the CA and choose Properties. We can see Certificate #0 in the list, which is the CA server's public certificate. Click View Certificate.
Step 2. This shows a summary view of our root CA.
Step 3. Go to the Details tab.
Step 4. Select Copy to File.
Step 5. Select Base-64 and click Next.
Step 6. Choose a location on our server and click Next.
Step 7. Complete the wizard.
Step 8. If we open the file, we will see something like this; this is the file we will need on the devices that must trust the CA.
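The same role installation, Enterprise Root CA configuration and Base-64 export, done from PowerShell instead of the wizards, as an added example that is not part of the original post. The CA name LAB-ROOT-CA, the export folder C:\Temp and the SHA-256 signature algorithm are assumptions; the page itself only fixes the key length and the 5-year lifetime.

```powershell
# Added example (not the author's). Placeholders: CA common name and export folder.
$CaName    = 'LAB-ROOT-CA'
$ExportDir = 'C:\Temp'

# Add the AD CS role with the Certification Authority and Web Enrollment role services
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Post-deployment configuration: Enterprise Root CA, new 2048-bit RSA key, SHA-256 signing
# (assumed), and a 5-year CA certificate lifetime as chosen for the lab in the text
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CACommonName $CaName `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 5 -Force

# Configure the /certsrv web enrollment pages
Install-AdcsWebEnrollment -Force

# Export the root CA certificate: locate the CA's own self-signed certificate in the
# machine Personal store, write it as DER, then re-encode it as Base-64 like the wizard
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$CaName*" -and $_.Subject -eq $_.Issuer } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $caCert) { throw "No self-signed certificate for $CaName found in LocalMachine\My" }

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
$derPath = Join-Path $ExportDir "$CaName.der.cer"
$pemPath = Join-Path $ExportDir "$CaName.pem.cer"
Export-Certificate -Cert $caCert -FilePath $derPath -Type CERT | Out-Null
certutil -encode $derPath $pemPath | Out-Null

# Sanity checks before copying the file to the VMware appliances: the file must be
# Base-64 (PEM) and the certificate must carry the CA basic constraint
$pem = Get-Content $pemPath -Raw
if ($pem -notmatch '-----BEGIN CERTIFICATE-----') { throw 'Export is not Base-64 encoded' }
$basic = $caCert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Basic Constraints' }
if (-not $basic -or -not $basic.CertificateAuthority) { throw 'Certificate is not marked as a CA' }

"Root CA thumbprint: $($caCert.Thumbprint) ($($caCert.SignatureAlgorithm.FriendlyName))"
"Base-64 certificate written to $pemPath"
```

Run it in an elevated PowerShell session on the server as a domain user who is an Enterprise Admin; the thumbprint it prints is what you compare against when importing the certificate on vCenter, ESXi or VCD.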