myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


PKI SCCM

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> PKI SCCM Page: [1]
Login
Message << Older Topic   Newer Topic >>
PKI SCCM - 4/21/2008 9:50:34 PM   
smsjourney

 

Posts: 51
Score: 0
Joined: 11/29/2006
Status: offline 		I did a Native mode configuration a while back for a client but another client don't have a CA Authority in there infracture. They want me to use Verisign. Will this work? Is there and area to Configure " The site code of this server is SITECODE"  Seems like it will be a problem because, I did a test with a ssl from a well know third and it did not work on my network.  What the best way to approach this? Should I make the SCCM the CA as the easy way out?


your thoughts

smsjourney
Post #: 1
RE: PKI SCCM - 4/22/2008 9:32:40 AM   
jsandys


Posts: 463
Score: 17
Joined: 3/24/2005
From: San Antonio, TX
Status: offline 		You must also have a way to issues certificates to all of your managed clients as they all need certificates capable of client authentication and for the various site systems.  Because of this it is not practical to buy certs for every managed system.  And, as you pointed out, the certs from public certificate companies are not easily customizable to accomodate the requirements of ConfigMgr.

The best way (not the only way) is to have an Enterprise CA on Windows 2003 Enterprise.  Your easy way out is feasible, as long as the customer is on board.  The one problem though is that if you do make it an Enterprise CA, it will integrate with AD and although this won't cause functinal problems, it does have some ramifications; e.g., DC's automatically request certs.

_____________________________

Jason
________________________________________
http://myitforum.com/cs2/blogs/jsandys/default.aspx

(in reply to smsjourney)
Post #: 2
RE: PKI SCCM - 4/22/2008 11:45:22 AM   
mserafine

 

Posts: 1660
Score: 157
Joined: 4/7/2003
Status: offline 		DO NOT stand-up an Enterprise CA w/o very thorough planning and testing first, and just as important is the buy-in and coordination with those who are responsible for managing/maintaining your AD forest as they will be (should be) the ones to actually perform the implementation and configuration of the CA.

Everything comes to a grinding halt when computers are no longer able to authenticate each other because of an improperly configured enterprise CA.

_____________________________

Mark Serafine, MCSE, MCTS | Senior Premier Field Engineer - Manageability (SMS, MOM, System Center) | Microsoft Corporation

(in reply to jsandys)
Post #: 3
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> PKI SCCM Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.250