I am in a process to migrate SCCM 2007 to SCCM 2012 R2. We have 300 BDP on remote windows 7 machines and need be built as SCCM 2012 DPs. I have a script to install SCC 2012 clients, install IIS role on 300 DPs. All those remote DPs got ConfigMgr Client Cert from AD automatically.

I have two questions need help:

I have create three kind Certs: COnfigMgr Web Server Cert, ConfigMgr CLient Cert, and ConfigMgr Client DP cert (allow export key)

a) Each remote DP is also SCCM client, and already have Client cert from AD. Are they still need ConfigMgr Client DP Cert?

b) How to automatically deploy "ConfigMgr Web Server Cert" to those remote 300 DPs? any scripting solution available?

Any help is greatly appreciate.

Steven

a) No, not unless they will be hosting PXE based OSD task sequences.

b) Sure, but that's a PKI question. You can use certutil to enroll the target system for the cert and then you'd have to configure the web site also which can probably be done using PowerShell. Better questions for a PKI forum and an IIS forum.