Yep. Step by step.
i used this guide to create the ca template for the vc
and this guide for the nsx cert.
but still, both chrome and edge (canari dev version) and ie11 show the certificate as "Not secured"
From other certificates I recently created I know that modern browsers are requesting also the "Subject Alt. Name" field also.