Once a certificate request is generated, it must be submitted to a certificate authority and processed to receive a valid X.509 certificate. In cases where the virtualization environment will require internal trust, an internal CA can be used. One of the more common CAs that will most likely already exist in the environment is a Windows CA.
In order to proceed, we require access to a browser, preferably Internet Explorer Version 9 or higher to connect to the Windows CA.
Ensure that the account used for login has rights to request a certificate from the Windows CA. In our example, the user is a member of the domain admins group for simplicity; however, any authenticated user can request a certificate by default.
To proceed further, a certificate request must have been previously generated from the automation tool or an open SSL tool.