| Step | Reference |
|---|---|
| Confirm your PKI can support the various certificates required by Configuration Manager 2007. | Certificate Requirements for Native Mode |
| Ensure the following computers in the Configuration Manager 2007 site have a trusted root certification authority in common and intermediate certification authorities as needed:<br>- The site server.<br>- Management points (the default management point, proxy management point, Internet-based management point, network load balanced management points).<br>- Distribution points.<br>- Software update points.<br>- State migration points.<br>- All client computers and mobile client devices.<br>Note: Distribution points that are configured as site system shares rather than site system servers, as well as branch distribution points, do not use Internet Information Services (IIS) and therefore do not require certificates. | Deploying a Trusted Root Certification Authority to Configuration Manager Computers<br>Deploying the Intermediate Certification Authority Certificates to Configuration Manager Computers |
| If you will use a Certificate Revocation List (CRL), publish it where all computers can locate it. | Certificate revocation checking is enabled by default for Configuration Manager clients, but it can be disabled. For more information, see Determine If You Need to Enable Certificate Revocation Checking (CRL) On Clients (Native Mode). Certificate revocation checking is enabled by default with IIS and cannot be disabled with Configuration Manager. Ensure that native mode site systems can connect to a CRL distribution point that is listed in their site system certificate. |
| Deploy the site server signing certificate to the site server, and determine how clients will retrieve it. | Deploying the Site Server Signing Certificate to the Site Server<br>Decide How to Deploy the Site Server Signing Certificate to Clients (Native Mode) |
| Deploy the Web server certificates to the following site systems, and then configure IIS with the certificate:<br>- Management points (the default management point, proxy management point, Internet-based management point, network load balanced management points).<br>- Distribution points.<br>- Software update points.<br>- State migration points. | Deploying the Web Server Certificates to Site System Servers |
| Optional but recommended: On the site systems with the deployed Web server certificates, create or modify a certificate trust list (CTL) in IIS to contain the root certification authorities used by clients. | Determine If You Need to Configure a Certificate Trust List (CTL) with IIS (Native Mode) |
| Deploy client certificates to clients and management points. | Deploying the Client Computer Certificates to Clients and the Management Point |
| If you have mobile client devices, deploy the client device certificates. | Deploying Certificates to Mobile Device Clients |
| If you are using the operating system deployment feature, perform the following tasks:<br>- Export root certification authority certificates that operating system clients will use during the deployment process so that these can be imported into the Configuration Management console as a site setting.<br>- Prepare and export one or more client certificates into a PKCS #12 file so that these can be included in the operating system deployment. | How to Prepare the Root Certification Authority Certificates for Operating System Deployment Clients<br>How to Specify the Root Certification Authority Certificates for Operating System Deployment Clients<br>How to Export Certificates For Use With Operating System Deployment |
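
The trusted-root and CRL rows of the checklist can be verified on each computer with the following added example, which is not part of the original checklist or of Configuration Manager. It builds the chain for every certificate in the local computer's Personal store with online revocation checking, then reports the root thumbprint (to compare across site systems and clients) and whether a CRL could not be retrieved. The function name `Test-NativeModeCertificate` and the choice of the `LocalMachine\My` store are assumptions.

```powershell
# Added example (not from the original checklist). Run on a site system or client.
# Assumption: the certificates to check are in the local computer's Personal store.
function Test-NativeModeCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # $true = build the chain in the machine context, as a site system service would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain $true
    $policy = $chain.ChainPolicy
    $policy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $policy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $policy.UrlRetrievalTimeout = New-Object System.TimeSpan 0, 0, 15

    $chainOk = $chain.Build($Certificate)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # The last chain element is the root only if the chain is complete (self-signed top).
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $rootThumbprint = $null
    if ($top.Subject -eq $top.Issuer -and $flags -notcontains 'PartialChain') {
        $rootThumbprint = $top.Thumbprint
    }

    # CRL distribution points extension (OID 2.5.29.31), decoded for display.
    $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $cdpText = $null
    if ($cdp) { $cdpText = $cdp.Format($false) }

    New-Object PSObject -Property @{
        Subject         = $Certificate.Subject
        Thumbprint      = $Certificate.Thumbprint
        ChainValid      = $chainOk
        RootThumbprint  = $rootThumbprint   # should match on every computer in the site
        CrlUnreachable  = ($flags -contains 'RevocationStatusUnknown') -or ($flags -contains 'OfflineRevocation')
        ChainStatus     = ($flags -join ', ')
        CrlDistribution = $cdpText
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-NativeModeCertificate -Certificate $_ } |
    Format-List Subject, Thumbprint, ChainValid, RootThumbprint, CrlUnreachable, ChainStatus, CrlDistribution
```

An empty `RootThumbprint` means the chain did not reach a trusted root on that computer, and `CrlUnreachable` set to `True` means the computer could not retrieve a CRL from the distribution points listed in the certificate.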