Istanbul/Turkey
selimatmaca@gmail.com

21- Configuration Manager HTTPS Communication and PKI Certificate Part 3

Client Certificate for Distribution Points:

Log on to Certification Authority, right click Certificates Templates and choose Manage. 

 

Right click on Workstation Authentication and select Duplicate Template. 

 

 

Choose windows Server 2003 Enterprise

 

 

Give a relevant name to the certificate template

 

Open Request Handling Tab and select Allow

 

 

 

Click Security Tab, choose Enterprise Admins group REMOVE Enroll permission and make sure only Read and Write permission are given.

 

 

Click Add, choose SCCM Site Servers group. Make sure Read and Enroll permission are given. Apply and OK.

 

 

Return to Certification Authority, right click Certificate Templates/New/Certificate Template to Issue

 

Select the certificate template you just created. 

 

 

 

 Requesting the Distribution Points Certificate:

Log on to Site Server and request the Distribution Points Certificate. To do that follow the procedures below.

Start/Run/ type mmc

Click File/Add-Remove Snap-In

Choose Certificates and click Add

Choose Computer Account

Choose Local Computer/Finish

Hit OK

 

 Expand personal Certificate store and right click on Certificates/All Tasks/Request New Certificate

 

 

Click Next

 

 

Check Distribution Point Certificate, hit Details and then Properties. Normally friendly name would be empty for the certificate, but I want to add a friendly name to distinguish the certificates. I will just type ClientCertForDPs as friendly name.

Now click the Enroll button. After certificate is installed, click the Finish button.

 

 

 

Right click the Distribution Points Certificate/all Tasks/Export

 

 

 

Choose Export Format as below.

 

 

To keep the exported certificate safe, specify a password.

 

 

Enter the path where you are going to keep this certificate and click Next and Finish. The path should be a shared folder and SCCM server should have right to access this shared folder or just keep this certificate on SCCM Server itself.

 

 

 We created all certificates that we need. Now we need to do some additional configurations. That is what Part4 covers.

 

  • Hits: 2925