Topic Last Updated—August 2008

The public key infrastructure (PKI) certificates that are required for native mode in Configuration Manager 2007 must be created, installed, and managed independently from Configuration Manager 2007. This means that there is no single method of deployment for the required certificates and you will need to consult your particular PKI deployment documentation for the necessary procedures and best practices.

The following table lists some Web references to help you deploy the certificates required by Configuration Manager 2007 if you are using a Microsoft PKI.

Description	Reference
Microsoft home page for Windows Server 2008 PKI, which has many links to all aspects of using the latest Microsoft PKI, including technical overviews, step-by-step guides, troubleshooting information, knowledge base articles, and links to other resources.	Windows Server 2008 Active Directory Certificate Services (http://go.microsoft.com/fwlink/?LinkId=115018)
Microsoft home page for Windows Server 2003 PKI, which has links to PKI introductory and technical overviews, step-by-step guides, and other resources.	Public Key Infrastructure for Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=78389)
The Microsoft Windows guide to designing a public key infrastructure, from the Windows Server 2003 Deployment Guide.	Designing a Public Key Infrastructure (http://go.microsoft.com/fwlink/?LinkId=78391)
The Microsoft Windows Server 2003 public key infrastructure best practices, which lists many relevant white papers, examples, and sample scripts to help deploy a Microsoft PKI.	Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure (http://go.microsoft.com/fwlink/?LinkId=78390)

In addition to using your PKI documentation, you can consult the following sections for some general guidance on each of the certificate deployment steps required for Configuration Manager 2007 to operate in native mode:

• Deploying a Trusted Root Certification Authority to Configuration Manager Computers
  
  
• Deploying the Intermediate Certification Authority Certificates to Configuration Manager Computers
  
  
• Deploying the Site Server Signing Certificate to the Site Server
  
  
• Deploying the Web Server Certificates to Site System Servers
  
  
• Deploying the Web Server Certificate to Network Load Balanced Site Systems
  
  
• Deploying the Client Computer Certificates to Clients and the Management Point
  
  
• Deploying Certificates to Mobile Device Clients
  
  

The following step-by-step guides provide walkthrough examples of how you can deploy the PKI certificates that are required for native mode, using a Microsoft enterprise certification authority:

• Step-by-Step Example Deployment of the PKI Certificates Required for Configuration Manager Native Mode: Windows Server 2008 Certification Authority
  
  
• Step-By-Step Example Deployment of the PKI Certificates Required for Configuration Manager Native Mode: Windows Server 2003 Certification Authority
  
  

See Also

---

To contact the documentation team, e-mail SMSdocs@microsoft.com.