Once the database is created by the configuration wizard, we need to assign permissions to it. If you are not comfortable managing your SQL database, your DBA can help you with this.
On the FIMCertificateManagement database, we need to allow the CA server and the FIM CM Update Service with the clmApp role.
Usually, this also means that we need to create the logins since these accounts never had any.
So what we need is to create logins for AD\CA$
and AD\svcFIMCMService
, and then assign them the clmApp role in the FIM CM database.