sccm 2012

20- Configuration Manager HTTPS Communication and PKI Certificate Part 2

We already created Web Server certificate in Part1. It is now time to create client certificates. Log on to Certification Authority console, right click Certificate Templates and then select Manage.


Right click on Workstaation Authentication and Select Duplicate Template


Choose windows Server 2003 Enterprise


Give your template a name, I name it ConfigMgrClientCert




Select Security Tab, Choose Domain Computers. Make sure Read, Enroll and AutoEnroll permissions are given. Click OL and close the properties of this new template. Close Certificate Templates Console.



On Certification Authority console, right click Certificate Template and choose New/Certificate Template to Issue


Select the Client Certificate we just created and click OK.




 Group Policy Configuration For Client Certificate:

Log on to Domain Controller and start Group Policy Management. Right click the domain and choose Create a GPO in this domain and Link it here.



Give a  relevant name to this GPO and Edit the new GPO.


Open the Certificate Services Client – Auto – Enrollment Properties


Select Enabled options and make sure you check both checkboxes.


Close Group Policy Managent. That is all we need to do for Client certficate. In Part 3, I will show how to create a Client Certificate for Distribution Points.

Post Comment

Scroll Up