If your Microsoft certificate authority is already setup and has a VMware template continue with the below instructions. Otherwise follow the official VMware article to assist with setting up one from scratch. The below was tested on VCF 4.4.1.0.
First thing make your IIS is setup for https and with an SSL certificate matching your FQDN of your CA. Below example
Make sure basic authentication is enabled from IIS as well
Login to sddc Manger
Expand administration > Click Security > Click Certificate Management > Click Edit
Select Microsoft has CA
Put in the the url of your CA – https://FQDNofCA/certsrv
Account that has privileges
Password
The exact name of the template in your certificate authority Template
Click Save
Click accept
Now you should be able to generate csrs, generate signed certificates and install certificates from sddc manager