Client computers in a Configuration Manager 2007 native mode site require public key infrastructure (PKI) computer certificates to authenticate them to the management point. Without this authentication, Configuration Manager 2007 clients in a native mode site are unmanaged and will send a status message to their fallback status point. Additionally, the management point requires a client certificate so that it can be monitored and send its status to the site server. If you are using the operating system deployment feature, the state migration point also requires a client certificate for monitoring purposes.
|The management point and state migration point requires a client certificate even if these site systems do not have installed on them the Configuration Manager 2007 client.|
You can install the client computer certificates in a number of ways. Refer to your PKI documentation for more information. The recommended method if you are using a Microsoft PKI is to create the certificates using the version 1 (v1) computer template, or the version 2 (v2) client workstation template, and then automatically auto enroll the certificates to computers using Group Policy.
Other deployment methods include the following:
- If you are using a Microsoft PKI with Web
enrollment, you can request the certificate from each computer,
using the Web enrollment pages.
- If you are using a Microsoft PKI with an
enterprise CA, you can use the Certificates Microsoft Management
Console snap-in from each computer to import a certificate or
request the certificate. Use the Request New Certificate
task or Import task from the Personal certificate
store on the local computer.
- You can request and retrieve the certificate
using the Microsoft Certreq command-line utility.
- If you can create the certificate with your
certificate management tools, you can export it and import it on
|If you are installing clients using the operating system deployment feature, a client certificate might be required to complete the deployment process. The certificate must be created and then exported to a .PFX file so that it can be imported in Configuration Manager 2007 when configuring the operating system deployment. For more information about this scenario, see How to Export Certificates For Use With Operating System Deployment.|