SCCM 2012 : Deploying Server Authentication Certificate



Now that you have completed the Tasks 1 & 2:

  1. SCCM 2012 : Server Authentication Certificate Templates 
  2. SCCM 2012 : Client Authentication Certificate Templates
  3. SCCM 2012 : Deploying Server Authentication Certificate
  4. SCCM 2012 : Configure your Clients for internet and workgroup clients
  5. SCCM 2012 : Internet and Workgroup Clients​

You can start to deploy your Certificates to your servers.

1. You need to open the Microsoft Management Console from the command prompt, powershell, run dialog or start search box by typing mmc.exe..

2. once the Microsoft Management Console opens, you need to add the Certificate snap-in and request the certificate:

a) Click  "File→Add/Remove Snap-in..."

b) In "Add or Remove Snap-ins" Select Certificates, then click Add

c) Select "Computer account"

d) Select "Local Computer: (the computer this console is running on)"

e) Click OK in the Add or Remove Snap-ins.

f) Extend Certificates (Local Computer) and click on Personal. Right Click Certificates, then select "All Tasks→Request New Certificate..."

g) On before you begin, click next

h) on Certificate Enrollment Policy, select Active Directory Enrolment Policy and Click next

i) Select the Configuration Manager Web Server Certificate Template you created, and click "Enroll"

j) It should tell you that you successfully created your certificate. click "Finish"

3. Now you may want to export the certificate so you can import it into the various roles in the futur.

a) in the Certificates MMC , right click the Certificate you just created, and select "All Tasks→Export"

b) in the Certificate Export Wizard "Welcome" screen, click Next

c) Select "Yes, export the private key"

d) On Certificate Export Wizard, "Export File Format", leave the defaults and click Next.

e) enter a password for the Certificate, click next.

f) In the Certificate Export Wizard, type or select a location to store the certificate, click Next. Click finish on the next screen. It is exported.


4. Now you need to configure IIS on the Server that will be communicating with the clients to use your Certificate you created:

a) Open your IIS Console , select the Default Web Site, then click Binding

b) Select "https 443" then click "Edit"

c) Select the certificate with the FQN used by the clients.

5. We need to Set the Site System role on the internet facing server you need to

6. You will now need to set the Management Point and Distribution Point in the Configuration Manager Console under "Administration→Site Hierarchy→Servers and Roles" for the server that will be communicating with this server to "Allow Internet Only Connection" or to "Allow Internet and Intranet Connections". You may want to make those settings for the "Application Catalog website point" as well if the clients will be using this.

a) Select the computer that is the management Point and Distribution Point for the Internet/Workgroup clients, then select Site System and click Properties

b)  Under Site System Properties you need to check "Specify an FQDN for this site system for use on the internet" and set the Internet FQDN for the server to the internet FQDN.

c) Now Select Management Point Site System Roles, and click Properties.

d) On the General tab, Select HTTPS, then Select "Allow intranet and Internet connections" OR "Allow Internet-Only Connections". If you will be using this to manage mobile devices and Mac computers, you will also want to check this box. Click OK

e) Next select the computer that will be the distribution point (it can be the same computer), next select Distribution Point under Site System Roles, then click Properties.

f) Now, on Distribution Point Properties, select HTTPS, and the same setting that you selected in "b". Next you need to import the certificate you created earlier and enter the password.

New move on to task 4 SCCM 2012 : Configure your environment for internet and workgroup clients



This website and its content is copyright of ITHierarchy Inc - © ITHierarchy Inc 2013-2015. All rights reserved.

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

  • you may print or download to a local hard disk extracts for your personal and non-commercial use only
  • you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material

You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.