Topic Last Updated—August 2008

The public key infrastructure (PKI) certificates that are required for native mode in Configuration Manager 2007 must be created, installed, and managed independently from Configuration Manager 2007. This means that there is no single method of deployment for the required certificates and you will need to consult your particular PKI deployment documentation for the necessary procedures and best practices.

The following table lists some Web references to help you deploy the certificates required by Configuration Manager 2007 if you are using a Microsoft PKI.

Description Reference

Microsoft home page for Windows Server 2008 PKI, which has many links to all aspects of using the latest Microsoft PKI, including technical overviews, step-by-step guides, troubleshooting information, knowledge base articles, and links to other resources.

Windows Server 2008 Active Directory Certificate Services (

Microsoft home page for Windows Server 2003 PKI, which has links to PKI introductory and technical overviews, step-by-step guides, and other resources.

Public Key Infrastructure for Windows Server 2003 (

The Microsoft Windows guide to designing a public key infrastructure, from the Windows Server 2003 Deployment Guide.

Designing a Public Key Infrastructure (

The Microsoft Windows Server 2003 public key infrastructure best practices, which lists many relevant white papers, examples, and sample scripts to help deploy a Microsoft PKI.

Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure (

In addition to using your PKI documentation, you can consult the following sections for some general guidance on each of the certificate deployment steps required for Configuration Manager 2007 to operate in native mode:

The following step-by-step guides provide walkthrough examples of how you can deploy the PKI certificates that are required for native mode, using a Microsoft enterprise certification authority:

See Also