James,
How are you importing the certificate and is it into the Personal store on the computer account in the MMC? Thanks, Eric Morrison From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Avery Sent: Wednesday, November 5, 2014 9:27 AM To: mssms@lists.myitforum.com; mssms@lists.myitforum.com Subject: [mssms] RE: Question - PKI SCCM 2012 R2 Distribution Points My apologies if I didn't make myself clear. Yes, it's for Distribution Points certificates for each DP in my SCCM environment. >From what your stating, it looks like I should do the following: 1. From the Distribution Server, Import the ConfigMgr distribution Point Certificate from my SubCA 2. From the Distribuition Point Server, Export the certificate 3. From the SCCM Console, Import the certificate in the Distribution Point Role for the server I exported the certificate from in step 2. Thank you, James From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Justin Chalfant Sent: Wednesday, November 05, 2014 1:04 AM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Question - PKI SCCM 2012 R2 Distribution Points If you are referring to the distribution point certificate not IIS then yes. This will work fine although would likely not be a security best practice. If you are referring to the web server certificate used within IIS then it would be a no since these have to be unique. Thanks, Justin Chalfant Premier Field Engineer - Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: <mailto:justin.chalf...@microsoft.com> justin.chalf...@microsoft.com If you have any feedback about my work, please let either myself or my manager Rusty Gray know at rusty.g...@microsoft.com <mailto:rusty.g...@microsoft.com> From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of James Avery Sent: Tuesday, November 4, 2014 5:15 PM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: [mssms] Question - PKI SCCM 2012 R2 Distribution Points Guys, I'm wanting confirmation about the following concern. My Google Foo isn't good today. I'm about to configure several Distribution Points on a new SCCM Environment configured to use HTTPS. 1. Can I use the same ConfigMgr Client Distribution Point Certificate I imported/exported to the first DP for all other DP's? 2. Or do I need to import/export a separate ConfigMgr Client Distribution Point Certificate for each DP? Thank you, James
