For my VCF lab, I am going to deploy external certificates to all the components. I have deployed a Windows enterprise root certificate authority and configured it for my lab domain. I also have configured it with a template specifically for VMware and enabled the web services.
There are a ton of blogs out there on how to complete this deployment, here is an example. Since there are so many other blogs that walkthrough this deployment, I am going to skip ahead and show how to configure this certificate authority with the VCF fleet manager.
Login to the VCF Operations web gui, expand Fleet Management and click Certificates
Click the Configure CA at the top right corner for VCF Management.
The only option presented at this level is Microsoft CA, enter in the URL, username, password and template for your certificate authority and click Save.
A notification will appear at the top if the connection is successful.
I noticed during my initial certificate deployment that configuring the CA at the VCF Management level only allows for replacing certificates on the appliances at this level with Microsoft CA certificates. You will need to configure CA at each instance level as well to be able to replace the certificates for those appliances.
You can return to my main VCF Lab page to follow along with this deployment.