About Native Mode Certificates for Mobile Device Clients
The public key infrastructure (PKI) certificates required to configure a Configuration Manager 2007 mobile device client to run in native mode are listed in the following tables. For more information about certificates required for native mode, see Certificate Requirements for Native Mode.
Certificates for Mobile Device Clients
Configuration Manager 2007 mobile device management uses the following certificates for native mode:
| Configuration Manager Component | Certificate Store | Certificate Use | How the Certificate Is Used By Mobile Devices in Configuration Manager |
|---|---|---|---|
Site server signing certificate |
Root |
Document Signing |
The site server signing certificate signs the policies that clients download from their management point so that clients know the policies originate from their assigned site. Clients must be provisioned with a copy of this certificate before they can accept policies signed with it. |
Mobile device user certificates |
Personal |
User Authentication |
This certificate authenticates the device to the following servers:
This certificate is also used to register the device client with Configuration Manager 2007. |
Intermediate CA |
Root |
Certificate Chain Validation |
This list of CAs creates an uninterrupted chain of authority to the root authority. |
Root CAs for the following:
|
Root |
Certificate Chain Validation |
Used to register the root CA if not already present. |
See Also
Concepts
Certificate Requirements for Native Mode
Deploying Certificates to Mobile Device Clients
Step-By-Step Example Deployment of the PKI Certificates Required for Configuration Manager Native Mode: Windows Server 2008 Certification Authority
Step-By-Step Example Deployment of the PKI Certificates Required for Configuration Manager Native Mode: Windows Server 2003 Certification Authority