Using a Public CA for Configuration Manager Native Mode

Carol Bailey posted a great article on using a public CA for your native mode certificates over on the Configuration Manager product team blog so if this is something you're interested in then you'll definitely want to check it out.  I have a brief intro and a link below:


Many companies do not currently have their own public key infrastructure (PKI) with an issuing Certification Authority (CA) but still want to benefit from native mode and Internet-based client management - which has a dependency on PKI certificates.  So a natural follow-on question is whether native mode can use certificates from a public CA rather than using an internal CA.

The technical answer is yes.  Native mode is PKI-agnostic, supporting industry standard certificates (version 3 of the x.509 certificate format) and has no dependencies on the issuing CAs.  This is in contrast to the out of band management feature, introduced in Configuration Manager SP1, which has a dependency on a Microsoft enterprise CA and certificate templates for the certificates issued to the AMT-based computers.

To continue reading see

J.C. Hornbeck | Manageability Knowledge Engineer

Comments (1)
  1. Anonymous says:

    Just an FYI that we posted a note about using a Public CA for Configuration Manager Native Mode over

Comments are closed.

Skip to main content