Configuration Manager 2007 native mode uses standard public key infrastructure (PKI) certificates, supporting version 3 of the x.509 certificate format. If your existing PKI deployment can create, deploy, and manage the certificates that Configuration Manager 2007 requires for native mode, you can use your existing PKI.
It is recommended, but not required, that Microsoft Certificate Services using an enterprise certification authority be used because doing so provides the following features, which can make it easier to support Configuration Manager 2007 in native mode:
- Automatic publishing of trusted root
authorities, intermediate certification authorities, and the
certificate revocation list (CRL) through Active Directory Domain
Services.
- Certificate templates to ease certificate
creation.
- Automatic deployment and renewal of
certificates with Group Policy.
- Automatic approval for online requested
certificates.
- Web enrollment for clients in workgroups or
from another Active Directory forest, and the deployment of
specialized certificates.
If you will use the out of band management feature, a Microsoft enterprise certification authority is required. For more information, see Certificate Requirements for Out of Band Management.
 Important |
|---|
| If you are using Active Directory Certificate Services with Windows Server 2008, do not use version 3 templates (Windows Server 2008, Enterprise Edition). These certificate templates result in creating certificates that are not compatible with Configuration Manager. |