Certificates needed for SCCM?

    Question

  • Hi All,

    We are trying to create a Microsoft SCCM 1511 Site Server for the production environment, and it needs to have the right SSL certificates (which are not self-signed but obtained from production-worthy CAs like Verisign, etc.).

    We have a production-ready web server certificate but are not sure if it can be used to set up a ROOT CA while installing AD CS and setting up a Certificate Authority (Enterprise CA).

    It would be great if someone could advise the number and type of certificates that need to be obtained for configuring AD CS and the different things that go with running a Microsoft SCCM 1511 Site Server in a production environment. Being a live environment, it would not be advisable to have a self-signed certificate, nor would it be good practice to do so, hence any help in this direction would be greatly appreciated.

    Thanks and Regards,

    Shridhar Iyer

    • Merged by IoTGirl, Thursday, October 27, 2016 4:36 PM: Not IoT Specific
    • Split by Just Karl (Moderator), Thursday, November 10, 2016 2:46 PM: It's a new question.
    Thursday, October 27, 2016 6:57 AM

Answers

  • Hello,

    I'd ask in the System Center Configuration Manager forums

    Karl

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Thursday, November 10, 2016 2:48 PM
    Moderator
  • Good day Shridhar Iyer,

    In addition to Just Karl's answer, maybe this will help you to start: certificates include information like a domain or sub-domain. You can use one certificate for several sub-domains or all sub-domains, and you can use separate certificates for each sub-domain. You should discuss your case with the company that gives you the certificate. For more security we usually prefer a specific certificate for a specific part of the app, but you can place several alternative virtual host names on that single certificate, as you can read more here: https://tools.ietf.org/html/rfc3280#section-4.2.1.7, but each SSL cert requires a unique IP address and/or port.

    In short, I recommend asking for specific info directly from the company that gives you the certificates.


    Ronen Ariely

    Thursday, November 10, 2016 4:46 PM
    Moderator
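
The point in the reply above about one certificate carrying several host names or a wildcard, as an added example that is not part of the original thread: a check of which host names a given subject alternative name (SAN) list covers. The matching rule used here (a wildcard only as the whole left-most label, one label deep) is an assumption that follows common TLS client behaviour, and every host name is a constructed sample value.

```python
# Added illustration: which hosts does one certificate's SAN list cover?
# All host names below are constructed sample values.

def san_entry_matches(hostname: str, san: str) -> bool:
    """Compare one host name against one dNSName SAN entry.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.corp.example.com covers
    mp.corp.example.com but not corp.example.com or a.b.corp.example.com.
    """
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern) or "" in host:
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def coverage(hostnames, san_dns_names):
    """Map each host name to the SAN entry that covers it, or None."""
    report = {}
    for name in hostnames:
        report[name] = next(
            (s for s in san_dns_names if san_entry_matches(name, s)), None
        )
    return report


# Constructed example: one certificate with two explicit names and a wildcard.
SAMPLE_SANS = ["sccm01.corp.example.com", "dp.example.com", "*.corp.example.com"]
SAMPLE_HOSTS = [
    "SCCM01.corp.example.com",  # explicit entry, compared case-insensitively
    "mp.corp.example.com",      # covered by the wildcard
    "corp.example.com",         # wildcard does not cover the parent domain
    "a.b.corp.example.com",     # wildcard spans one label only
    "dp.example.com",           # explicit entry
    "sup.example.com",          # needs its own SAN entry or certificate
]

if __name__ == "__main__":
    for host, san in coverage(SAMPLE_HOSTS, SAMPLE_SANS).items():
        print(f"{host:28} {'covered by ' + san if san else 'NOT covered'}")
```

Hosts reported as not covered need either an additional SAN entry on the shared certificate or a certificate of their own.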
