The expense of the client certs made us pause. The project is not dead, but since you need a unique client cert per computer on the internet, it's expensive.
My understanding is that the clients will NOT auto-enroll you will need to deploy an SCCM client and unique cert by hand to each internet computer. Too bad SCCM/Intune only lets you manage Windows 8.1 desktops on the internet. Ivan Lindenfeld Fidelity National Financial Jacksonville, Florida From: [email protected] [mailto:[email protected]] On Behalf Of John M Sent: Tuesday, January 28, 2014 11:58 AM To: [email protected] Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? We use Globalsign, so far they are being helpful, but it's almost like I'm the first one to have ever asked for this. > From: > [email protected]<mailto:[email protected]> > To: [email protected]<mailto:[email protected]> > Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? > Date: Tue, 28 Jan 2014 16:45:50 +0000 > > A few companies to "managed" PKI for client certs. > > http://www.symantec.com/verisign/managed-pki-service > > http://www.digicert.com/managed-pki-ssl.htm?gclid=CN_ChtuoobwCFeg-MgodJC8A9A > > https://www.globalsign.com/enterprise-pki/ > > > Christopher Catlett > Consultant | Detroit > > > Sogeti USA > Office 248-876-9738 |Fax 877.406.9647 > 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 > www.us.sogeti.com<http://www.us.sogeti.com> > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of Dzikowski, Michael > Sent: Tuesday, January 28, 2014 11:26 AM > To: [email protected]<mailto:[email protected]> > Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? > > 3rd party could be expensive for client certs... > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of John > Sent: Tuesday, January 28, 2014 11:03 AM > To: [email protected]<mailto:[email protected]> > Subject: [mssms] Implement SCCM 2012 encryption with 3rd party CA? > > Hi All, > We are looking to set up a PKI to enable encryption in the SCCM 2012 > environment, but unfortunately, we do not have a local CA. We use a 3rd party > (GlobalSign) for our certificates, however, I'm not convinced they can > provide the client certificates. Has anyone else managed to get this working > with an external CA? I really need to know if this won't work and we're just > chasing our tails. Essentially, my concern is this: > When we set up a local CA to issue certificates, we do it by creating a > template and allowing the clients to auto-enroll for the certificate, if we > have a 3rd party CA, how does that mechanism work, if at all? > > Thanks in advance > > John > > > > > > > > > > > > >
