SCCM 2012 – Security (Part 4)
Today we continue with Part 4 of the series of posts about security, and now it is time to talk about the DP certificates.
The DP certificate is the certificate that is used by any Distribution Point site role. It needs to have the private key exported with it, as it will be imported during/after the creation of the role. This is also the certificate that you can use on your media when creating one.
Anyway, if you go to the documentation (http://technet.microsoft.com/en-us/library/gg699362.aspx) you'll notice that in a Microsoft PKI environment, the certificate template that you can use as a base is Workstation Authentication. However, if you don't want to use it, make sure that the Enhanced Key Usage value contains Client Authentication (1.3.6.1.5.5.7.3.2). You'll also see that the private key must be exportable.
Note: it is a best practice to create one certificate for each DP, but it is not a requirement, as you can use the same certificate for multiple DPs.
04. If your PKI is Windows Server 2012/2012 R2, in the Properties of New Template dialog box, on the Compatibility tab, make sure that Windows Server 2003 is selected under Certification Authority and Windows XP / Windows Server 2003 under Certificate
10. Click OK, and close the Certificate Templates Console. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue. In the Enable Certificate Templates dialog box, select ConfigMgr DP Servers Certificate and then click OK.
Great, now that we know how to create the certificate template, we need to request the certificate, but this will be done in another post.
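
The two requirements stated above (Client Authentication in the Enhanced Key Usage and an exportable private key) can be checked once a certificate has been issued from the template. The following is an added example, not part of the original post: `Test-DpCertificate` is a hypothetical helper name, and it assumes Windows PowerShell, a CSP-backed RSA key, and that the certificate sits in the local computer's Personal store.

```powershell
# Added example: report whether certificates meet the DP certificate requirements.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-DpCertificate {          # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Collect the OIDs listed in the Enhanced Key Usage extension, if there is one.
        $ekuOids = @($Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # $null means "could not be determined" (no CSP key info, e.g. a CNG key,
        # or no permission to open the key container).
        $exportable = $null
        if ($Certificate.HasPrivateKey) {
            try {
                $info = $Certificate.PrivateKey.CspKeyContainerInfo
                if ($info) { $exportable = $info.Exportable }
            } catch { }
        }

        [pscustomobject]@{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            ClientAuthEku = $ekuOids -contains $ClientAuthOid
            HasPrivateKey = $Certificate.HasPrivateKey
            Exportable    = $exportable
            NotExpired    = (Get-Date) -lt $Certificate.NotAfter
        }
    }
}

# Assumption: run elevated on the server where the certificate was requested.
Get-ChildItem Cert:\LocalMachine\My | Test-DpCertificate | Format-Table -AutoSize
```

A certificate is a candidate for the DP role only when `ClientAuthEku`, `HasPrivateKey` and `Exportable` are all `True`; an empty `Exportable` column means the check could not read the key's properties.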