locked
IBCM Hierarchy design RRS feed

  • Question

  • For political reasons we have a CAS and two primary servers, with one primary which will be dedicated to internet based clients.  My question is will the certs that are created for the PKI have to be installed on both primary servers and the CAS or just the dedicated primary site and the CAS.
    Thursday, April 25, 2013 5:51 PM

Answers

  • Clients assigned to your internal primary do not have to have PKI certificates.  That server and those clients can use HTTP.

    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    • Marked as answer by MiJSc Thursday, April 25, 2013 6:05 PM
    Thursday, April 25, 2013 6:04 PM

All replies

  • Clients assigned to your internal primary do not have to have PKI certificates.  That server and those clients can use HTTP.

    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    • Marked as answer by MiJSc Thursday, April 25, 2013 6:05 PM
    Thursday, April 25, 2013 6:04 PM
  • Thank you, much appreciated.
    Thursday, April 25, 2013 6:06 PM
  • To add on what Neil said. Yes, Your CAS will need to be running in HTTPS in order for your child primary for IBCM to use HTTPS the other internal primary could run in HTTP.

    Justin Chalfant | Blog: setupconfigmgr.com | SCUP Catalog: patchmypc.net/scup | Please mark as helpful/answer if this resolved your issue

    Thursday, April 25, 2013 6:08 PM