There is a GPO setting needed too. I can't remember the details but might save some head scratching to know. On 3 Nov 2015 11:46 p.m., "Nash Pherson" <[email protected]> wrote:
> No. It’s a Code Signing certificate, not a client auth cert, used by > WSUS/SCUP to sign the update. > > > > But, you can create a template in your PKI for issuing that Code Signing > cert so that updates WSUS/SCUP signed with the cert will already be trusted > by your clients. If you use a self-signed cert, it must be distributed to > the trusted root and trusted publisher stores on all the devices. > > > > > http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/ > > > > > > I hope that helps, > > > > Nash > > > > *Nash Pherson* > > *Microsoft MVP, Enterprise Client Management* > *Senior Systems Consultant* > > O: 651-796-1168 > > C: 507-304-0946 > > > > [image: Small Logo-PNG] <http://www.nowmicro.com/> > > 1645 Energy Park Drive Ste. 200 > > St. Paul, MN 55108 > > www.nowmicro.com > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Chian, Richard R > *Sent:* Tuesday, November 3, 2015 3:08 PM > *To:* [email protected] > *Subject:* [mssms] SCUP > > > > My current environment: Config Manager 2012 SP1 with internal PKI > infrastructure, we want to implement SCUP and would like to know if we can > use the current machine’s client authentication cert used by CM, instead of > having to create a new CERT for SCUP and having to deploy it all clients? > > Appreciate the responses. > > > >
