The public key infrastructure (PKI) certificates that you might require for System Center 2012 Configuration Manager are listed in the following tables. This information assumes basic knowledge of PKI certificates. For step-by-step guidance for an example deployment of these certificates, see Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority. For more information about Active Directory Certificate Services, see Active Directory Certificate Services in Windows Server 2008.

With the exception of the client certificates that Configuration Manager enrolls on mobile devices and Mac computers, the certificates that Windows Intune automatically creates for managing mobile devices, and the certificates that Configuration Manager installs on AMT-based computers, you can use any PKI to create, deploy, and manage the following certificates. However, when you use Active Directory Certificate Services and certificate templates, this Microsoft PKI solution can ease the management of the certificates. Use the Microsoft certificate template to use column in the following tables to identify the certificate template that most closely matches the certificate requirements. Template-based certificates can be issued only by an enterprise certification authority running on the Enterprise Edition or Datacenter Edition of the server operating system, such as Windows Server 2008 Enterprise and Windows Server 2008 Datacenter.

When you use an enterprise certification authority and certificate templates, do not use the version 3 templates (Windows Server 2008, Enterprise Edition). These certificate templates create certificates that are incompatible with Configuration Manager.

Use the following sections to view the certificate requirements.

PKI Certificates for Servers

PKI Certificates for Clients

See Also