If you do not have an existing certificate authority (CA), such as ADCS, you need to install the Microsoft Active Directory Certificate Services Tools (ADCS Tools) to perform this operation.

To request domain controller certificates from Nexus:

1. For each domain controller:
   1. Log in to the domain controller.
   2. Start the Microsoft Management Console (MMC).
   3. Add the Certificates Snap-IN, select Computer Account.
   4. Right-click on the folder Personal – Certificates and select -> Create Custom Request. Click Next.
   5. Select the template “Kerberos Authentication” and PKCS#10 as format. Click Next.
   6. Save the file, name the file with the domain controllers full FQDN, example dc1.example.com
2. Create a zip file including all the request files and send it to your Nexus contact.
   
   When Nexus receives these request files, we will manually issue the certificates and send them back.

When Nexus receives these request files, we will manually issue the certificates and send them back.

To import the received certificates in the truststore.

1. After you received them you must import them into each domain controller’s personal truststore.
2. To import them, start MMC console and load Certificates -> Computer Account snap-pin and right click and select import.