The site server in a Configuration Manager 2007 native mode site requires a custom public key infrastructure (PKI) certificate before the site can operate in native mode.

You can deploy the site server signing certificate in a number of ways, including the following methods:

• If you are using a Microsoft PKI with an Enterprise certification authority using the Enterprise edition of Microsoft Windows Server 2003, you can modify a version 2 (v2) certificate template to create a site server signing certificate that can be requested online from the site server. Configure the template so that only site servers have read and enroll permissions and the subject name is supplied when the certificate is requested by each site server. For additional security, configure the template for manual approval.
  
  
• If you are using a Microsoft PKI with Web enrollment, you can request a custom certificate using the Web enrollment pages. If you are using the Enterprise edition of Windows Server 2003 with a modified v2 certificate template, you can request a certificate based on this template on the Web enrollment page, with the benefit of having the certificate requirements automatically configured with the template.
  
  
• If you are running Internet Information Services (IIS) on the site server, you can request this certificate through IIS as either an online request or a file request.
  
  
• You can request and retrieve the certificate using the Microsoft Certreq command-line utility.
  
  
• If you can create the certificate with your certificate management tools, you can export it and import it on the site server.
  
  

When the site server signing certificate is installed in the local certificate store on the site server, you need to configure Configuration Manager 2007 to use it. You do this either with Setup when you are installing the site or by configuring the site for native mode after Setup is complete.

See Also

---

To contact the documentation team, e-mail SMSdocs@microsoft.com.