PKI Certificate for DP's

  • Question

  • Hello All - Just want to know if I can use the same DP certificate on multiple DPs?

    My lab setup:

    CB1710 - Site Server with DP. I have configured PKI (HTTPS) and created a certificate for the DP. Imported the certificate into the DP properties.

    Now I am going to deploy another DP. This DP should also communicate with PKI (HTTPS). Can I use the same certificate that I used on the site server, or do I need to create a new certificate from the internal CA?

    When I tried to use the same certificate on the new DP, I got this message

    I am using an internal CA to create certificates.

    Thanks

    RL

    Thursday, January 4, 2018 4:42 PM

Answers

  • Hi All - This is what I found at the MS Technet site

    There are no specific requirements for the certificate Subject or Subject Alternative Name (SAN), and you can use the same certificate for multiple distribution points. However, we recommend a different certificate for each distribution point.

    This certificate is used for the duration of the operating system deployment process only and is not installed on the client. Because of this temporary use, the same certificate can be used for every operating system deployment if you do not want to use multiple client certificates.

    The requirements for this certificate are the same as the client certificate for boot images for deploying operating systems. Because the requirements are the same, you can use the same certificate file.

    Based on the above, I believe the same cert can be used on multiple DPs. To be on the safe side, I will create a new cert for this new DP, export the cert with the private key, and import the certificate after the DP is deployed.

    Thanks

    RL

    Thursday, January 4, 2018 5:01 PM