If there is not yet a certificate for the KDC server that you will be using, you will need to generate one.
Note:
The KDC certificate is used as part of the Kerberos PKINIT mutual authentication mechanism. If you already have a KDC certificate installed on your Active Directory Domain Controllers, you don't need to perform this task