Internet Based Client Management without internal PKI

  • Question

  • Ignore the "why would you want to do this" questions you may have, just asking technically, is this possible:

    Can you deploy SCCM 2012 IBCM with purchased certificates from, for instance, GlobalSign? By that, I mean, purchasing a certificate for each and every user / device? Is it technically possible, or are you required to use internal PKI, or specifically Microsoft Certificate Services?

    If it is possible, any insights on how you would go about this would be appreciated as well.

    - Jason

    Tuesday, September 11, 2012 5:29 PM

All replies

  • Yes, this is possible. ConfigMgr 2012 simply has certificate requirements. As long as you can fulfill these requirements, then the source of the certificates is irrelevant.

    Here's the cert requirements: http://technet.microsoft.com/en-us/library/gg699362.aspx

    Jason | http://blog.configmgrftw.com

    Tuesday, September 11, 2012 6:45 PM
  • Be careful with EKUs - you need client auth for Clients and DPs and Server auth for WEB server. Certificates must be version 2 (not greater). In Microsoft terms it sounds like "certificate from Server 2003 template", so you should pay some attention if you will use certs from a Public CA. Jason's link is great.


    Alex Ignatenko | MCITP:Lync 2010, Messaging, Server 2008 | MCTS:UC Voice, Virtualisation, SCCM, SCOM, OCS | MCSE: Security

    Wednesday, September 12, 2012 10:03 PM
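
The EKU point in the reply above can be checked before a purchased certificate is deployed. The following is an added example, not part of the original thread or of ConfigMgr: the function name `Test-CertificateEku`, the role labels and the sample certificate are assumptions made for illustration, and it needs PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Role -> required EKU OID, following the reply above.
# The role names are labels chosen for this example, not ConfigMgr identifiers.
$RequiredEku = @{
    Client            = '1.3.6.1.5.5.7.3.2'   # Client Authentication
    DistributionPoint = '1.3.6.1.5.5.7.3.2'   # Client Authentication
    WebServer         = '1.3.6.1.5.5.7.3.1'   # Server Authentication
}

function Test-CertificateEku {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][ValidateSet('Client', 'DistributionPoint', 'WebServer')]
        [string]$Role
    )
    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $ext  = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $oids = @()
    if ($ext) { $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Subject  = $Certificate.Subject
        Role     = $Role
        Ekus     = $oids -join ', '
        # Assumption: the EKU must be listed explicitly, so a certificate
        # with no EKU extension is reported as unsuitable.
        Suitable = $oids -contains $RequiredEku[$Role]
    }
}

# Constructed sample: an in-memory self-signed certificate that carries
# only the Client Authentication EKU. Nothing is written to a certificate store.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=constructed-client.example', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$ekus = [OidCollection]::new()
[void]$ekus.Add([Oid]::new('1.3.6.1.5.5.7.3.2'))
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($ekus, $false))
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

# Same certificate evaluated against two roles.
Test-CertificateEku -Certificate $cert -Role Client
Test-CertificateEku -Certificate $cert -Role WebServer
```

To check installed certificates instead of the constructed sample, pipe the items of `Cert:\LocalMachine\My` from `Get-ChildItem` into the function with the role that machine will hold.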