New Certificate for clients and server

lalajee 1,811 Reputation points
2022-11-08T12:58:42.653+00:00

Hi,

We have a requirement for servers to have a single certificate which does Client & server authentication.

This single cert will be used on servers for the following reasons:

IIS - DP, MP, SCCM
WinRM
Windows Admin Center
SCCM Client - Download patching, application and reporting

How can I create a template which can be used for all of the above?


2 answers

  1. Jason Sandys 31,151 Reputation points Microsoft Employee
    2022-11-08T14:23:17.153+00:00

    We have a requirement for servers to have a single certificate which does Client & server authentication

    First, keep in mind that this isn't specific to ConfigMgr in any way as ConfigMgr does not issue certs.

    Next, this specific requirement is almost always a terrible idea. Certs should be scoped down to as narrow a purpose as possible and this almost always means not having a cert used by both client and server auth.

    As for how to create a cert template, there is a lot of documentation on the web including this one: https://learn.microsoft.com/en-us/archive/blogs/askds/designing-and-implementing-a-pki-part-iii-certificate-templates

    1 person found this answer helpful.

  2. Simon Ren-MSFT 30,031 Reputation points Microsoft Vendor
    2022-11-14T08:48:43.583+00:00

    Hi,

    Agree with @Jason Sandys here. It's recommended to create different certificates for different purposes. Here are some guides for your reference:

    Deploy PKI Certificates for SCCM Step by Step Guide
    Deploying Web Server Certificate for Site Systems that Run IIS
    Deploying the Client Certificate for Distribution Points

    Thanks for your time. Have a nice day!

    Best regards,
    Simon


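Both answers recommend scoping each certificate to a single purpose. As an added example (not code from either answerer or from Microsoft documentation), the PowerShell below reads the local machine certificate store and reports which certificates are usable for both client and server authentication, or carry no EKU restriction at all. The function name `Get-CertificateAuthScope` is hypothetical; the OIDs are the standard extended key usage identifiers.

```powershell
# Added example: classify certificates by their Enhanced Key Usage (EKU) so that
# dual-purpose or unrestricted certificates can be found and re-issued narrowly.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$AnyEkuOid     = '2.5.29.37.0'         # anyExtendedKeyUsage

function Get-CertificateAuthScope {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Locate the EKU extension, if the certificate has one.
        $ekuExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @()
        if ($ekuExt) {
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }

        # A certificate without an EKU extension is not restricted to any purpose.
        if (-not $ekuExt -or $oids -contains $AnyEkuOid) {
            $scope = 'AnyPurpose'
        } elseif ($oids -contains $ServerAuthOid -and $oids -contains $ClientAuthOid) {
            $scope = 'ClientAndServer'
        } elseif ($oids -contains $ServerAuthOid) {
            $scope = 'ServerOnly'
        } elseif ($oids -contains $ClientAuthOid) {
            $scope = 'ClientOnly'
        } else {
            $scope = 'Other'
        }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            Scope      = $scope
        }
    }
}

# Read-only audit of the computer's personal store: list only the broad certificates.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Get-CertificateAuthScope |
    Where-Object { $_.Scope -in 'ClientAndServer', 'AnyPurpose' } |
    Format-Table -AutoSize
```

An empty result means every certificate in the store is already limited to one authentication role or to an unrelated purpose.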