The information in this topic applies only to System Center 2012 R2 Configuration Manager.
To deploy certificates to users or devices in System Center 2012 Configuration Manager, you must deploy certificate profiles to one or more collections of users or devices.
You can deploy trusted certification authority (CA) certificates, and user or device certificates. Before you deploy a user or device certificate, check whether the device has installed the trusted root CA certificate for those certificates. If the device does not have the trusted root certificate, perhaps because it is not a domain member or is from an untrusted forest, you must deploy the root CA certificate to the device in addition to deploying the user or device certificate.
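One way to carry out the trusted root check described above on a Windows device. This is an added example, not part of the original topic or of Configuration Manager. The function name `Test-TrustedRootInstalled` is hypothetical, the thumbprint in the usage comment is a placeholder, and the sketch assumes that device trust is evaluated against the computer store (`Cert:\LocalMachine\Root`).

```powershell
# Added example: confirm that a root CA certificate is present and usable in
# the computer's Trusted Root Certification Authorities store.
function Test-TrustedRootInstalled {
    [CmdletBinding()]
    param(
        # SHA-1 thumbprint of the root CA certificate, taken from your own CA.
        [Parameter(Mandatory)]
        [string]$Thumbprint
    )

    # Thumbprints copied from the certificate dialog often carry spaces or
    # invisible characters; keep only the hex digits before comparing.
    $normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($normalized.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($normalized.Length) characters."
    }

    $cert = Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $normalized } |
        Select-Object -First 1

    if (-not $cert) {
        return [pscustomobject]@{
            Installed = $false; Usable = $false; Subject = $null; NotAfter = $null
            Reason    = 'Not in LocalMachine\Root; deploy the root CA certificate profile first.'
        }
    }

    $now        = Get-Date
    $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
    # Name comparison only: a root CA certificate is issued to itself.
    $selfIssued = $cert.Subject -eq $cert.Issuer

    $reason = if (-not $inValidity) { 'Certificate is outside its validity period.' }
              elseif (-not $selfIssued) { 'Subject and issuer differ; this is not a root certificate.' }
              else { 'Root CA certificate is installed and within its validity period.' }

    [pscustomobject]@{
        Installed = $true
        Usable    = ($inValidity -and $selfIssued)
        Subject   = $cert.Subject
        NotAfter  = $cert.NotAfter
        Reason    = $reason
    }
}

# Usage (placeholder thumbprint, replace with the value from your root CA):
# Test-TrustedRootInstalled -Thumbprint '<ROOT-CA-SHA1-THUMBPRINT>'
```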
Use the Deploy Certificate Profile dialog box to configure the deployment of certificate profiles. This configuration includes defining the collection to which the certificate profile will be deployed and specifying how often the certificate profile is evaluated for compliance.
If you deploy multiple company resource access profiles to the same user or device, the following behavior occurs:
Before you can deploy certificate profiles, you must first configure the infrastructure and create certificate profiles. For more information, see the following topics:
To deploy a certificate profile
In the Configuration Manager console, click Assets and Compliance.
In the Assets and Compliance workspace, expand Compliance Settings, expand Company Resource Access, and then click Certificate Profiles.
In the Certificate Profiles list, select the certificate profile that you want to deploy.
On the Home tab, in the Deployment group, click Deploy.
In the Deploy Certificate Profile dialog box, specify the following information:
- Collection: Click Browse to select the user or device collection where you want to deploy the certificate profile.
- Generate an alert: Enable this option to configure an alert that is generated if the certificate profile compliance is less than a specified percentage by a specified date and time. You can also specify whether you want an alert to be sent to Microsoft System Center Operations Manager.
- Random delay (hours): (For certificate profiles that contain Simple Certificate Enrollment Protocol settings only) Specifies a delay window to avoid excessive processing on the Network Device Enrollment Service. The default value is 64 hours.
- Specify the compliance evaluation schedule for this certificate profile: Specifies the schedule by which the deployed certificate profile is evaluated on client computers. This can be either a simple schedule or a custom schedule.
  Note: The profile is evaluated on client computers when the users log on.
Click OK to close the Deploy Certificate Profile dialog box and to create the deployment. For more information about how to monitor the deployment, see How to Monitor Certificate Profiles in Configuration Manager.