The public key infrastructure (PKI) certificates required to configure a Configuration Manager 2007 mobile device client to run in native mode are listed in the following tables. For more information about certificates required for native mode, see Certificate Requirements for Native Mode.

Certificates for Mobile Device Clients

Configuration Manager 2007 mobile device management uses the following certificates for native mode:

Configuration Manager Component Certificate Store Certificate Use How the Certificate Is Used By Mobile Devices in Configuration Manager

Site server signing certificate

Root

Document Signing

The site server signing certificate signs the policies that clients download from their management point so that clients know the policies originate from their assigned site.

Clients must be provisioned with a copy of this certificate before they can accept policies signed with it.

Mobile device user certificates

Personal

User Authentication

This certificate authenticates the device to the following servers:

  • Device management point

  • Proxy device management point

  • Distribution point

This certificate is also used to register the device client with Configuration Manager 2007.

Intermediate CA

Root

Certificate Chain Validation

This list of CAs creates an uninterrupted chain of authority to the root authority.

Root CAs for the following:

  • Site server signing certificate

  • Device management point

  • Distribution point

Root

Certificate Chain Validation

Used to register the root CA if not already present.

See Also