Environment: Testing server for SCCM 2007 in Native mode on Server 2008. IIS, SQL Express 2005 SP2 and WSUS 3.0 already installed.
Steps to setup PKI for Native mode
- Get some coffee, maybe a sandwich and set your phone to ignore all calls, follow step 3 like your life depended on it.
- Add Active Directory Certificate Services Role via Server Manager:
- Step-by-Step Example Deployment of the PKI Certificates Required for Configuration Manager Native Mode: Windows Server 2008 Certification Authority:
Minor issues I encountered – Sitesigning.ini
- Use the Copy Code link which is available only in Internet Explorer (really Microsoft?), or ensure you have a clean copy with no spaces or changed characters. I copy pasted the code via Chrome and it failed (likely a PEBKAC issue… do ya think?).
- Whatever Template Display Name you choose in the Certificate Template MMC make sure to remove all spaces in the sitesigning.ini file:
The exercise example “ConfigMgr Site Server Signing Certificate” becomes “ConfigMgrSiteServerSigningCertificate”
“My SCCM Server Cert” needs to be “MySCCmServerCert”
12345 ][NewRequest]Subject = "CN=The site code of this site server is EUC"MachineKeySet = True[RequestAttributes]CertificateTemplate = MySCCmServerCert