Recommendations for PKI Key Lengths and Validity Periods with Configuration Manager 2007

imageJust in case you missed it, Carol Bailey has posted yet another fantastic article on certificates over on the blog. If certificates are as confusing to you as they are to me then you'll definitely want to give this one a good read.  I have her intro and a link below:


I sometimes get questions from customers about values to set for the key sizes and validity periods for the certificates required for native mode and out of band management in Configuration Manager.  This has been a tough one for me to answer, because in the main, these values are external to Configuration Manager and they are PKI design questions with advantages and disadvantages for different values.  The higher the key size, the more secure the certificate is from attackers, but will require more processing to use.  The longer the validity period, the less certificate maintenance required (and potentially some service disruption), but the certificate is more vulnerable to being compromised.

To continue reading see

J.C. Hornbeck | Manageability Knowledge Engineer

Skip to main content