Carol Bailey posted a great article on using a public CA for your native mode certificates over on the Configuration Manager product team blog so if this is something you’re interested in then you’ll definitely want to check it out. I have a brief intro and a link below:
Many companies do not currently have their own public key infrastructure (PKI) with an issuing Certification Authority (CA) but still want to benefit from native mode and Internet-based client management – which has a dependency on PKI certificates. So a natural follow-on question is whether native mode can use certificates from a public CA rather than using an internal CA.
The technical answer is yes. Native mode is PKI-agnostic, supporting industry standard certificates (version 3 of the x.509 certificate format) and has no dependencies on the issuing CAs. This is in contrast to the out of band management feature, introduced in Configuration Manager SP1, which has a dependency on a Microsoft enterprise CA and certificate templates for the certificates issued to the AMT-based computers.
J.C. Hornbeck | Manageability Knowledge Engineer