No. It's a Code Signing certificate, not a client auth cert, used by WSUS/SCUP to sign the update.
But, you can create a template in your PKI for issuing that Code Signing cert so that updates WSUS/SCUP signed with the cert will already be trusted by your clients. If you use a self-signed cert, it must be distributed to the trusted root and trusted publisher stores on all the devices. http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/ I hope that helps, Nash Nash Pherson Microsoft MVP, Enterprise Client Management Senior Systems Consultant O: 651-796-1168 C: 507-304-0946 [Small Logo-PNG]<http://www.nowmicro.com/> 1645 Energy Park Drive Ste. 200 St. Paul, MN 55108 www.nowmicro.com<http://www.nowmicro.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Chian, Richard R Sent: Tuesday, November 3, 2015 3:08 PM To: [email protected] Subject: [mssms] SCUP My current environment: Config Manager 2012 SP1 with internal PKI infrastructure, we want to implement SCUP and would like to know if we can use the current machine's client authentication cert used by CM, instead of having to create a new CERT for SCUP and having to deploy it all clients? Appreciate the responses.
