Determine Whether You Can Use Your Existing PKI for Native Mode
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Configuration Manager 2007 native mode uses standard public key infrastructure (PKI) certificates, supporting version 3 of the x.509 certificate format. If your existing PKI deployment can create, deploy, and manage the certificates that Configuration Manager 2007 requires for native mode, you can use your existing PKI.
It is recommended, but not required, that Microsoft Certificate Services using an enterprise certification authority be used because doing so provides the following features, which can make it easier to support Configuration Manager 2007 in native mode:
Automatic publishing of trusted root authorities, intermediate certification authorities, and the certificate revocation list (CRL) through Active Directory Domain Services.
Certificate templates to ease certificate creation.
Automatic deployment and renewal of certificates with Group Policy.
Automatic approval for online requested certificates.
Web enrollment for clients in workgroups or from another Active Directory forest, and the deployment of specialized certificates.
If you will use the out of band management feature, a Microsoft enterprise certification authority is required. For more information, see Certificate Requirements for Out of Band Management.
If you are using Active Directory Certificate Services with Windows Server 2008, do not use version 3 templates (Windows Server 2008, Enterprise Edition). These certificate templates result in creating certificates that are not compatible with Configuration Manager.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.