Hi there, i was wondering whether or not using 3rd party certificates such as comodo secure server certificates can be used on internet facing management points?
regards,
Dutch guy
Technology Tips and News
Hi there, i was wondering whether or not using 3rd party certificates such as comodo secure server certificates can be used on internet facing management points?
regards,
Dutch guy
At this moment Client Computer Communication \ Site Properties \ Trusted Root Certification Authorities is unconfigured. Because we use a Commodo certificate with a Root and Intermediate certificate in between i'm not sure whether or not i should configure this for Client Computer Communication?
I did selected HTTPS or HTTP and checked Use PKI client certificate (client authentication capability) when available.
based on this blog: http://blogs.technet.com/b/configurationmgr/archive/2013/12/11/a-closer-look-at-internet-based-client-management-in-configmgr-2012.aspx
other tech guys would disagree
.....Error code 87d00281 means No certificate matching criteria specified
In order to resolve this, navigate to Client Computer Communication under Site Properties and go to Trusted Root Certification Authorities and click on Set. After doing that, specify the self-signed cert of CA2 without its private key and click on OK......
Note that CA2 in that post refers to the cert of the CA issuing the client certs, not the certs for the site systems as that cert is never actually seen by ConfigMgr.
Have you issued [unique] client auth certs to each ad every client that will be managed via HTTPS?
The client certificates are unique however they are created by a NOT-Microsoft PKI CA. We found that the certs are version 3, which are probably not compatible with ConfigMgr.
Is version 3 corresponding with the MS PKI cert template "Windows 2008 Server, Enterprise Edition" ?
And is version 2 corresponding with the "Windows 2003 Server, Enterprise Edition" template?
Which cert properties are the difference?
Which settings should be used when using OpenSSL?
That is correct, ConfigMgr does not support certs built using V3 templates. Reference https://technet.microsoft.com/en-us/library/gg699362.aspx for all PKI requirements.
Yes to the Microsoft cert template question. It's not just the properties that are different between the templates, but there are other capabilities and even different cryptography standards in use. More info: http://social.technet.microsoft.com/wiki/contents/articles/3072.incompatible-with-windows-server-2008-enterprise-version-3-or-v3-certificate-templates.aspx
Best to post the last question on an OpenSSL forum.
Best to post the last question on an OpenSSL forum.