Client certificate selection and Impact

  • Question

  • Hi All,

    I have an environment that will manage both HTTP and HTTPS clients. I have enabled the preferred management point option, so clients choose their MP and DP based on the boundary groups.

    1 site system has the MP and DP roles installed to manage HTTP clients.

    1 site system has the MP and DP roles installed to manage HTTPS clients.

    The HTTP client has a valid PKI client certificate, used for a different purpose, saved in the Personal store.

    When I checked the HTTP client in the console, the client certificate column had changed from Self-signed to PKI.

    I have checked the ClientIDstartupmanager.log; it shows that it found the valid PKI certificate.

    However, the client is reporting to the preferred management point of the HTTP site.

    I have two questions:

    How do I restrict the HTTP client so that it always selects the self-signed certificate?

    Is there any impact if the HTTPS client has a valid client authentication certificate, used for a different application, that is used by the SCCM client?

    Kindly advise.


    Regards, kanna

    Thursday, October 15, 2015 6:48 PM

Answers

  • Hi,

    There is an option called "Use client PKI certificate (client authentication capability) when available" in the Client Computer Communication tab of Site Properties. Check it when you want to use a client PKI certificate for HTTP connections. The client uses this certificate instead of a self-signed certificate to authenticate itself to site systems.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Joyce L Thursday, November 5, 2015 6:50 AM
    • Marked as answer by Joyce L Monday, November 9, 2015 9:51 AM
    Friday, October 16, 2015 7:47 AM
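
An added example, not part of the original thread and not Configuration Manager's own code: a PowerShell check, run on the client, that lists the certificates in the computer's Personal store that have the Client Authentication EKU, are within their validity dates and have a private key, which are the ones the option in the answer above can make the client use. The output property names are this example's own, and the filter is an approximation of "client authentication capability", not the client's actual selection logic.

```powershell
# Added example: enumerate Personal-store certificates that could be picked up
# as a client PKI certificate. Run in an elevated PowerShell session on the client.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)
$now = Get-Date

$candidates = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs and friendly names from the certificate, if the extension exists.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids  = @()
    $ekuNames = @()
    if ($ekuExt) {
        $ekuOids  = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $ekuNames = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName })
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        # Assumption of this example: only an explicit Client Authentication EKU counts.
        # Certificates with no EKU extension show an empty AllEkus and are filtered out.
        ClientAuthEku = ($ekuOids -contains $clientAuthOid)
        # The full EKU list shows which other purposes the certificate was issued for.
        AllEkus       = ($ekuNames -join '; ')
    }
} | Where-Object { $_.ClientAuthEku -and $_.InValidity -and $_.HasPrivateKey }

if (-not $candidates) {
    Write-Output 'No Personal-store certificate with Client Authentication EKU was found.'
} else {
    $candidates | Format-List Subject, Issuer, Thumbprint, NotAfter, AllEkus
}
```

A certificate listed here that was issued for another application is the kind of certificate the question describes; comparing its thumbprint with the one reported in the client log shows whether that is the one the client picked.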

All replies


  • Regards, kanna

    Thursday, October 15, 2015 7:01 PM
  • Team, any help?

    Regards, kanna

    Friday, October 16, 2015 7:39 AM