sccm 2012

21- Configuration Manager HTTPS Communication and PKI Certificate Part 3

Client Certificate for Distribution Points:

Log on to Certification Authority, right click Certificates Templates and choose Manage.


Right click on Workstation Authentication and select Duplicate Template.



Choose windows Server 2003 Enterprise



Give a relevant name to the certificate template


Open Request Handling Tab and select Allow




Click Security Tab, choose Enterprise Admins group REMOVE Enroll permission and make sure only Read and Write permission are given.



Click Add, choose SCCM Site Servers group. Make sure Read and Enroll permission are given. Apply and OK.



Return to Certification Authority, right click Certificate Templates/New/Certificate Template to Issue


Select the certificate template you just created.



 Requesting the Distribution Points Certificate:

Log on to Site Server and request the Distribution Points Certificate. To do that follow the procedures below.

Start/Run/ type mmc

Click File/Add-Remove Snap-In

Choose Certificates and click Add

Choose Computer Account

Choose Local Computer/Finish

Hit OK


Expand personal Certificate store and right click on Certificates/All Tasks/Request New Certificate


Click Next


Check Distribution Point Certificate, hit Details and then Properties. Normally friendly name would be empty for the certificate, but I want to add a friendly name to distinguish the certificates. I will just type ClientCertForDPs as friendly name.

Now click the Enroll button. After certificate is installed, click the Finish button.



Right click the Distribution Points Certificate/all Tasks/Export




Choose Export Format as below.



To keep the exported certificate safe, specify a password.



Enter the path where you are going to keep this certificate and click Next and Finish. The path should be a shared folder and SCCM server should have right to access this shared folder or just keep this certificate on SCCM Server itself.



We created all certificates that we need. Now we need to do some additional configurations. That is what Part4 covers.

Post Comment

Scroll Up