Does Configuration Manager Native Mode Have to Use a Single CA Hierarchy?

Over on the System Center Configuration Manager Team Blog, Carol Bailey posted some great information on Native Mode and certificates including a couple examples of multi-CA hierarchies.  If this sounds like you then you’ll definitely want to check this out:


We’ve seen this question come up a few times, and the simple answer is no – as long as the communicating computers have a trust in common, and the correct certificates are used, native mode works just fine.  This trust in common can use a single certification authority (CA) hierarchy or multiple CA hierarchies.  Because native mode is PKI-agnostic, this all happens at a lower level than Configuration Manager – we just need the PKI connection established before we can proceed with native mode communication.

To continue reading visit


J.C. Hornbeck | Manageability Knowledge Engineer