locked
Setup SCCM 2012 Web Based client how to setup PKI RRS feed

  • Question

  • I have a question about setting up web based clients on SCCM 2012.

    Add the moment I would like to setup a CAS server below there on primary configured without certificates. Add the moment on all clients within our domain a computer certificate is pushed only still something gives a problem. That why we would like to setup the default primary without certificates.

    Only to support web based clients a PKI certificate need to be setup. My question is can I setup this on the same primary with a Secure Management Point and Distribution point? Or is it better to install another primary for the web based clients. If so do I also need to configure my CAS server with certificates?

    Thursday, February 7, 2013 7:55 PM

Answers

All replies

  • 1) I do not understand why you add a CAS into the infrastructure

    2) You can have a single Primary Site server and multiple site systems, e.g. one MP that allows HHTP and another MP that only allows HTTPS. There is not need to install multiple sites to support both HTTP/HTTPS in your environment


    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    • Marked as answer by JNH Budding Wednesday, October 9, 2013 12:49 PM
    Friday, February 8, 2013 7:00 AM
  • Hi Kent, Thanks for your reply will explain why I want to install a CAS in our infrastructure. Add the moment we have 20000 within our company only allot of site with a poor network connection. Our current SCCM 2007 Native infrastructure therefore has 7 primary sites. The problem is if we don't setup the CAS we cannot expained if needed. I am now setting up a test environment so our team already can test everything. My question if I setup the CAS server and one primary site which certificates do I need to setup and deploy? I would say I only need to setup the Web Server and Client Certificate only want to be sure I don't need to setup the Site Signing Certificate or is that also needed?
    Friday, February 8, 2013 8:22 AM
  • Using a CAS and multiple primaries introduces the need for SQL replication / DRS. CAS and primaries should be "well connected" therefore (MS does not mention any exact details in their docs).
    Why not using a standalone primary site and multiple secondaries and/or sender enabled DPs?

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, February 8, 2013 8:28 AM
  • Add the moment we have 7 primary sites in SCCM 2007 Native mode. Made this structure with microsoft support so don't think only on primary will do it. Could be that's the case only to be sure I will setup the test environment with a CAS and 1 Primary site. To replicate the SQL do I need to setup the site signing certificate or this is not needed?

    Friday, February 8, 2013 9:12 AM
  • The architecture of CM12 is different compared to CM07. A central site (CM07) is not the same as a CAS (CM12). Why do you think that a primary cannot handle that?
    http/https has nothing to do with SQL replication / DRS.

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, February 8, 2013 9:33 AM
  • That's true only if you want to use more than 1 primary you need to install a CAS. So to be sure I will setup my test environment with a CAS. If we have a talk with the team and microsoft and we decide to use a single primary site we go this way. Only to be sure I would like to setup the test site with both systems. Question for me is do I need to setup a Site signing certificate or is this not necessary.

    Friday, February 8, 2013 10:24 AM