Login to the windows CA issuing server and type certtmpl.msc which starts up the Certificate Templates Console.
Go to the Templates folder , right click and select Manage.
Look for the “Web Server” template , right click and duplicate it.
Make sure to select the proper template version according to the environment.
If you have an encryption level higher than SHA1, select Windows Server 2008 Enterprise.
Click on the General tab and name it “vsphere 6.0”
Click the Extensions tab.
Select Application Policies and click Edit.
Select Server Authentication and click Remove, then OK.
Next Select Usage, then click on Edit. Check the Signature is proof of origin (nonrepudiation) option. Leave all other options as default.Click Ok
Click the Subject Name tab
Ensure that the Supply in the request option is selected.
Run – MMC – Add certificate Authority – Right Click – certificate Templates – Find the vSphere 6.0 VMCA template and select it. Click OK.
Once done you can see the new template in the certificate web console.