I have experience in setting up HashiCorp Vault & Vault Enterprise ,i have setup an Intermediate signing authority in Vault, make a CSR for that Intermediate in a way that's compatible with Microsoft CA management tools, and create certificates using that Intermediate. I expect that this most likely works with with all versions of HashiCorp Vault Enterprise & Open Source greater than or equal to 0.8.0.