locked
Workstation Authentication template questions RRS feed

  • Question

  • Hi,

    Does ConfigMgr 2012 still require clients to use the Workstation Authentication Template or can I use the Computer Certificate Template?

    Is only XP affected to be used for the Workstation Authentication template?

    Regards

    Niklas

    Tuesday, January 21, 2014 10:47 AM

Answers

  • ConfigMgr does not (and did not) require the use of any cert templates. ConfigMgr clients that you wish to use HTTPS communication require a client auth certificate as detailed at http://technet.microsoft.com/en-us/library/gg699362.aspx

    The workstation cert template is a means to create the required client auth cert using a Microsoft CA/PKI. You can use this template, use your own template (if your CA is installed on Windows Enterprise), not use a template, use another CA, etc. as long as the client gets an appropriate cert.


    Jason | http://blog.configmgrftw.com

    • Proposed as answer by Joyce L Wednesday, January 22, 2014 6:49 AM
    • Marked as answer by Nicked127 Wednesday, January 22, 2014 9:58 AM
    Tuesday, January 21, 2014 3:21 PM

All replies

  • ConfigMgr does not (and did not) require the use of any cert templates. ConfigMgr clients that you wish to use HTTPS communication require a client auth certificate as detailed at http://technet.microsoft.com/en-us/library/gg699362.aspx

    The workstation cert template is a means to create the required client auth cert using a Microsoft CA/PKI. You can use this template, use your own template (if your CA is installed on Windows Enterprise), not use a template, use another CA, etc. as long as the client gets an appropriate cert.


    Jason | http://blog.configmgrftw.com

    • Proposed as answer by Joyce L Wednesday, January 22, 2014 6:49 AM
    • Marked as answer by Nicked127 Wednesday, January 22, 2014 9:58 AM
    Tuesday, January 21, 2014 3:21 PM
  • Sorry, bad phrasing from my side, of course ConfigMgr doesn´t require a certificate, this works well for us today.

    We are thinking of Internet-Based Client management so where for the question on client certificates so we are looking at HTTPS communication.

    I think I understand it now, it is the compatibility which should be selected as Windows Server 2003 on the CA for the template. This is version 2 and if I would pick Windows Server 2008 on the certificate template that is version 3.

    Wednesday, January 22, 2014 9:58 AM
  • Correct, if you use templates.

    Jason | http://blog.configmgrftw.com

    Wednesday, January 22, 2014 10:11 PM
  • yes, we will use a template.

    Thanks!

    Thursday, January 23, 2014 11:42 AM