locked
Renew sccm 2012 certificates, How does it works? RRS feed

  • Question

  • Hello,

    We have a PKI SCCM 2012 client certificate distributed using a Certificate server in our domain (template).

    We have enabled autoenrolment enabled in the policies.

    Does the PKI certificate for SCCM 2012 client certificate on the client automatically renew when it wil expire ?

    What is the time that the certificate will be renewed automatically?

    Do we need to renew the template on the certificate server?

    Can someone explain how this works?


    • Edited by Theo H Wednesday, May 24, 2017 3:30 PM
    Wednesday, May 24, 2017 3:14 PM

All replies

  • First, this really has nothing to do with ConfigMgr -- ConfigMgr is simply a consumer.

    > "Does the PKI certificate for SCCM 2012 client certificate on the client automatically renew when it wil expire ? "

    Assuming you've enabled auto-renewal and the client system has access to AD and the issuing CA, then yes.

    > "What is the time that the certificate will be renewed automatically?"

    Based on the text of the option in Group Policy, the certificate will be renewed once it has expired: "Renew expired certificates, update pending certificates, and remove revoked certificates"

    > "Do we need to renew the template on the certificate server? "

    Templates don't expire.

    "Can someone explain how this works? "

    How what works? Have you reviewed the official documentation?


    Jason | http://blog.configmgrftw.com | @jasonsandys


    Wednesday, May 24, 2017 3:36 PM