Integrating Certificate Authority and Workspace ONE UEM

In these steps you will integrate Microsoft CA with Workspace ONE UEM, and configure the Certificate Template that VMware Browser will request.

This integration is required for a couple of reasons:

  1. Workspace ONE UEM will be requesting and delivering the User Certificate on the user device, fully automated.
  2. Workspace ONE UEM will revoke the certificate when the device is unenrolled.
  3. When accessing the Internal Website, VMware Browser needs to present the User Certificate to the Unified Access Gateway to initiate the validation process and the transformation of the request to Kerberos.

1. Add Certificate Authority to Workspace ONE UEM

Add
  1. Click Certificate Authorities under Enterprise Integration.
  2. Click Add under the Certificate Authorities tab.

2. Configure Certificate Authority

Configure CA
  1. Enter CONTROLCENTER CA
  2. Select Microsoft ADCS
  3. Select ADCS
  4. Enter controlcenter.corp.local for Server Hostname
  5. Enter corp-CONTROLCENTER-CA for Authority Name
  6. Enter corp\imaservice for User name
  7. Enter VMware1! for Password
  8. Enter VMware1! for Confirm Password
  9. Click Test Connection. A "Test is successful" message will appear on the top.
  10. Click Save and Add Template

3. Add Certificate Template

In this step you will add the certificate template and associate it with the certificate authority used to generate the user's certificate.

The properties of this certificate template must match the template defined on the CA; otherwise the user won't be able to authenticate later using the Certificate.

Configure Template
  1. For the Name of Template enter any unique name of your preference.
  2. Select CONTROLCENTER CA for Certificate Authority
  3. Enter certificatetemplate:MobileUser for Issuing Template
  4. Enter CN={EnrollmentUser} for Subject Name
  5. Select 2048 for Private Key Length
  6. Select both the Signing and Encryption options for Private Key Type
  7. Add SAN Type as Email Address and {Email Address}
  8. Add a second SAN Type as User Principal Name and {UserPrincipalName}
  9. Select Enable Certificate Revocation
  10. Click Save

4. Confirm the Certificate Authority was created

CA
  1. Click the Certificate Authorities tab.
  2. Click Refresh if needed.
  3. Confirm the CONTROLCENTER CA Certificate Authority was added.

4.1. Confirm the Certificate Request Template was created

Template
  1. Click the Request Templates tab.
  2. Click Refresh if needed.
  3. Confirm the MobileUserCertificate Request Template was added.

5. Validating the Certificate Template

There are several ways to validate the Certificate Template available on Microsoft CA. When using an Enterprise Microsoft CA, you just need to open the Certificate Authority console and you will see a folder named Certificate Templates. When using a Standalone CA, our case in this lab, you can use mmc.exe to see the list of templates.

To make this easier, we added a shortcut on the Task Bar of your Desktop that launches an MMC instance with the Certificate Templates snap-in already added.


Launch MMC

Click the MMC shortcut from the task bar.

5.1. Select MobileUser Template

Open Template
  1. Click Certificate Templates
  2. Right-Click on Mobile User Template
  3. Click Properties

The following steps show you where to locate, on the CA template, some of the attributes that you defined on the Template in the Workspace ONE UEM Console.

5.1.1. Validating Template Name

Template Name
  1. Click the General tab.
  2. Validate that the Template name is MobileUser.

5.1.2. Validating Private Key Type

  1. Click the Request Handling tab.
  2. Confirm the Purpose is set to Signature and encryption.

5.1.3. Validating Private Key Length

  1. Click the Cryptography tab.
  2. Ensure the Minimum key size is 2048.

5.1.4. Validating Subject Name request

  1. Click the Subject Name tab.
  2. Ensure Supply in the request is selected.
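The four checks in section 5.1 can also be run from the command line. The following PowerShell script is an added example, not part of the lab guide; it assumes a domain-joined Windows host with read access to the Configuration partition (the same place the Certificate Templates snap-in reads from) and a template named MobileUser, and reports whether each attribute matches the values entered in the Workspace ONE UEM request template.

```powershell
# Added example: read the MobileUser template from AD and compare it with the
# values entered in the Workspace ONE UEM request template (sections 5.1.1-5.1.4).
# Assumes a domain-joined host with read access to the Configuration partition.
param([string]$TemplateName = 'MobileUser')

$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$path = "LDAP://CN=$TemplateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
    throw "Template '$TemplateName' was not found under $configNC"
}
$template = [ADSI]$path

# 5.1.3: Cryptography tab -> Minimum key size (UEM: Private Key Length = 2048)
$minKeySize = [int]$template.'msPKI-Minimal-Key-Size'.Value

# 5.1.4: Subject Name tab -> "Supply in the request" is bit 0x1
# (CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) of msPKI-Certificate-Name-Flag
$nameFlags = [int]$template.'msPKI-Certificate-Name-Flag'.Value
$subjectFromRequest = ($nameFlags -band 0x1) -ne 0

# 5.1.2: Request Handling tab -> Purpose. "Signature and encryption" means the
# Key Usage extension carries digitalSignature (0x80) and keyEncipherment (0x20)
# in the first byte of pKIKeyUsage (UEM: Private Key Type = Signing + Encryption)
$keyUsage  = [byte[]]$template.pKIKeyUsage.Value
$usageByte = if ($keyUsage.Length -gt 0) { $keyUsage[0] } else { 0 }
$signing    = ($usageByte -band 0x80) -ne 0
$encryption = ($usageByte -band 0x20) -ne 0

# 5.1.1: General tab -> Template name must equal the Issuing Template in UEM
$checks = [ordered]@{
    'Template name (General tab)'          = ($template.cn.Value -eq $TemplateName)
    'Minimum key size is 2048'             = ($minKeySize -eq 2048)
    'Purpose: Signature and encryption'    = ($signing -and $encryption)
    'Subject name: Supply in the request'  = $subjectFromRequest
}
foreach ($c in $checks.GetEnumerator()) {
    '{0,-40} {1}' -f $c.Key, $(if ($c.Value) { 'OK' } else { 'MISMATCH' })
}
```

Any line reported as MISMATCH corresponds to a setting that must be corrected either on the CA template or in the Workspace ONE UEM request template before certificate-based authentication will work.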