This article provides information on manually configuring a new Certificate Authority (CA) template based on the Web Server template located in the Certificate Authority Root or Subordinate server for use with SSL certificate implementation in VMware vSphere 5.x.
By default, the Certificate Authority role in Windows Server 2008 and later do not include
Data Encipherment,
Nonrepudiation, or
Client Authentication on the Web Server template. vSphere 5.0 requires the use of
Nonrepudiation and
Client Authentication on the generated CA certificates; vSphere 5.1 and 5.5 require
Data Encipherment on the generated CA certificates.
For more information