IBCM Deploy clients without final certificate
Hi all,
I'm just wondering if I could deploy the SCCM Agent 2012 (Package/manually) with the Parameter "UsePKICert" without having the PKI infra in place. Is it possible to use that way or do I need to re-install the agents afterwards? Are there
other ways possible or is the PKI a must have before the Agent deploy process can start?
Many thanks in advance!
BR
Michael
August 31st, 2015 3:29pm
To use the PKI option you need a cert installed, otherwise it will simply fallback to HTTP.
August 31st, 2015 3:35pm
What's the scenario here where you'd want to do this?
August 31st, 2015 4:12pm
Ok, if it will simply fallback to HTTP is not a problem. I will explain again.
PKI infra might not be ready before client rollout and therefore the question is if I could install the SCCM agent with this "UsePKICert" parameter (Within Intranet) without having an client cerficate installed on the clients. When I configure
later the MP,DP and SUP in the DMZ, can these clients then connect via HTTPS or will it fail and I have to reinstall the SCCM agents?
September 1st, 2015 2:58am
When the certificates are in place and the site roles are configured to use HTTPS, the client should switch automatically to HTTPS.
September 1st, 2015 3:30am
So it means if I use for instance this command line below, the agent works afterwards when PKI infra is ready to use, right? It should get the MP list from AD if it is either HTTP or HTTPS, correct?
Ccmsetup.exe /usepkicert smsmp=FQDN of Intranet MP ccmhostname=FQDN of Internet MP smssitecode=Site code
September 1st, 2015 5:37am
There is no use in providing those PKI and Internet-client related parameters, as the client can't use them. As long as the clients are on the intranet during the switch to HTTPS they will get the new information true a policy (new since R2). The only
thing that would require a client reinstall is an Internet-only client.
September 1st, 2015 6:15am
Oh ok, good to know. Then I will simply skip that PKI parameters. Many thanks for your help!
-
Marked as answer by
MK182
21 hours 14 minutes ago
September 1st, 2015 6:36am
May I ask which policy of R2 version are you referring to? Many thanks in advance!
September 1st, 2015 7:27am
Many thanks for the link Torsten!
September 1st, 2015 8:15am