SCCM Web Server Certificates

  • Question

  • Hi all,

    This may be a silly question but wanted to clarify something re SSL Certs and IBCM in SCCM 2012 SP1.

    Does the Web Server Cert have to be from the Internal CA or can it be a Cert sourced from an external authority?

    Plan is to use IBCM for all client connectivity.

    Cheers

    Dan

    Friday, January 18, 2013 2:09 AM

All replies

  • Either should work as long as the server and client trust the certificate. Check out this site for more info about PKI in ConfigMgr: http://technet.microsoft.com/en-us/library/gg699362.aspx


    Justin Chalfant | Blog: setupconfigmgr.com | SCUP Catalog: patchmypc.net/scup | Please mark as helpful/answer if this resolved your issue


    Friday, January 18, 2013 2:42 AM
  • Thanks for the reply. I've read (read: skimmed) over that article; however, PKI is not my strength, so I just wanted a real world confirmation.

    Has anyone successfully deployed SCCM with Internet-Only based communication using a 3rd party SSL Cert?

    Note: my clients will consist of domain members and members of external domains and workgroups.

    Cheers

    Friday, January 18, 2013 2:54 AM
  • I'm not sure if someone has or hasn't but that doesn't really make a difference as a cert is a cert is a cert. To Windows, and thus to ConfigMgr, as long as the cert is valid and trusted (as Justin said) it will be used -- Windows and ConfigMgr make no distinction between the source of a cert and have no way of knowing either.

    However, you do know that all of your clients require a (unique) certificate also for them to communicate over HTTPS? I mention this because many folks completely miss this.


    Jason | http://blog.configmgrftw.com

    Friday, January 18, 2013 1:56 PM
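
Added example, not part of the thread: a PowerShell check, run on a client under test, of the two conditions the replies above describe, namely that the web server certificate chains to a root the machine trusts (whoever issued it) and that the client holds its own certificate. The file path and function names are hypothetical; the two OIDs are the standard Server Authentication and Client Authentication EKU values.

```powershell
# Added example. $ServerCertPath is a hypothetical path to the site system's
# web server certificate, exported as .cer and copied to the client under test.
param([string]$ServerCertPath = 'C:\Temp\ibcm-webserver.cer')

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Get-EkuOid {
    # Returns the EKU OIDs of a certificate (nothing if it has no EKU extension).
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }
}

function Test-CertTrust {
    # Builds the chain against this machine's trust stores, with online revocation checking.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $trusted = $chain.Build($Cert)
    $top = $chain.ChainElements | Select-Object -Last 1
    New-Object psobject -Property @{
        Subject  = $Cert.Subject
        Trusted  = $trusted
        ChainTop = $top.Certificate.Subject
        Errors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# 1. Web server certificate: trusted by this client, regardless of issuing CA?
$serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerCertPath
Test-CertTrust $serverCert | Format-List Subject, Trusted, ChainTop, Errors
if ((Get-EkuOid $serverCert) -notcontains $ServerAuthOid) {
    Write-Warning 'Web server certificate lacks the Server Authentication EKU.'
}

# 2. Client certificate: present in the computer store, with a private key?
$clientCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and ((Get-EkuOid $_) -contains $ClientAuthOid)
})
if ($clientCerts.Count -eq 0) {
    Write-Warning 'No client authentication certificate with a private key in LocalMachine\My.'
}
$clientCerts | Format-List Subject, Thumbprint, NotAfter
```

The site system must in turn trust the CA that issued the client certificates, so run `Test-CertTrust` there against an exported client certificate as well. An `Errors` value such as `RevocationStatusUnknown` means the machine could not reach the issuing CA's CRL from where it sits.
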
  • Thanks again for the replies.

    Completely understand a cert is a cert etc. As mentioned, just wanted a real world confirmation in the event that there were some smarts in SCCM that I have not yet found in my research/planning that could be missed in the web server deployment. I guess there isn't anything obvious that I've missed so I'll proceed with the deployment.

    Yep, fully aware of the client requirement for a unique cert etc. Have deployed this all in a LAB and tested everything except the Web Server Cert so was just checking.

    My answer will be found in my deployment.

    Thanks again.

    Dan

    Sunday, January 20, 2013 10:43 PM