Configuring SCCM 2012 for PKI and SSL: Setting up HTTPS communication

Recently, I’ve begun a rather large and complex SCCM implementation for a customer here in Seattle.  One of the requirements that they have is managing their rather extensive fleet of Apple laptops.  As you know, SP1 introduced OS X support, and that has expanded with R2.  However, I have never implemented this, and I was worried doing so might be a bit tricky.

This is my attempt at a soup-to-nuts guide to setting it up. As you know, PKI is a requirement for managing Macs, but you should be using SCCM in SSL mode anyway. But why? I often hear people state that they don’t need encryption on a bunch of info about Windows patches, etc. While this is true, it misses the point, and encryption is only a by-product of what we’re really after: authentication. SCCM is a very powerful tool, used to manage the configuration of your entire environment. Authenticating the servers that are doing the managing to the systems that are being managed is important.

Enough on that. For starters, I’ll assume the following:

  • A Windows domain
  • SCCM 2012 R2 installed and basic configurations completed
  • Active Directory Certificate Services is installed and configured

If you’ve not set up a domain or installed ADCS before, good luck with that. I’ll try to look around for a good guide and post, but that is beyond the scope of this guide. You can review the basics of ADCS here:

If you’ve not installed SCCM before, I highly recommend you check out MVP Niall Brady’s guides here:

Clear?  Great!  Let’s get started.  We’ll need a few certs to put our site into HTTPS mode, so we’ll start by creating those here:

Workstation Client Certificate
