Applies to: Configuration Manager (current branch)

The public key infrastructure (PKI) certificates that you might require for Configuration Manager are listed in the following tables. This information assumes basic knowledge of PKI certificates.

You can use any PKI to create, deploy, and manage most certificates in Configuration Manager. Client certificates that Configuration Manager enrolls on mobile devices and Mac computers require Active Directory Certificate Services.

When you use Active Directory Certificate Services and certificate templates, this Microsoft PKI solution can ease the management of certificates. Use the Microsoft certificate template reference in the sections below to identify the certificate template that most closely matches the certificate requirements. Only an enterprise certification authority (CA) that runs on the Enterprise or Datacenter editions of Windows Server can use template-based certificates.

For more information, see the following articles:

Active Directory Certificate Services Overview

Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 Certification Authority

How to enable Transport Layer Security (TLS) 1.2

Supported certificate types

Secure Hash Algorithm 2 (SHA-2) certificates

Issue new server and client authentication certificates that are signed with SHA-2, which includes SHA-256 and SHA-512. All internet-facing services should use an SHA-2 certificate. For example, if you purchase a public certificate for use with a cloud management gateway, make sure that you purchase an SHA-2 certificate.

Windows doesn't trust certificates signed with SHA-1. For more information, see Windows Enforcement of SHA1 certificates.

CNG v3 certificates

Configuration Manager supports Cryptography: Next Generation (CNG) v3 certificates. Configuration Manager clients can use a PKI client authentication certificate with private key in a CNG Key Storage Provider (KSP). With KSP support, Configuration Manager clients support hardware-based private keys, such as a TPM KSP for PKI client authentication certificates.

For more information, see CNG v3 certificates overview.
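
The SHA-2 and KSP points in this article can be checked on a client with a short audit of its client authentication certificates. The following PowerShell is an added example, not part of the original article or of Configuration Manager. It assumes the certificates are in the computer's Personal store (Cert:\LocalMachine\My) and that it runs in an elevated session; the SHA-1 OID list is a constructed, non-exhaustive set.

```powershell
# Added example: report signature hash and key provider for client
# authentication certificates in the computer's Personal store (assumed location).
$clientAuthOid = '1.3.6.1.5.5.7.3.2'            # Client Authentication EKU
$sha1SigOids   = @(                             # constructed, non-exhaustive list
    '1.2.840.113549.1.1.5',                     # sha1RSA
    '1.2.840.10045.4.1',                        # ecdsa-with-SHA1
    '1.2.840.10040.4.3'                         # dsa-with-sha1
)
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid } |
    ForEach-Object {
        $cert     = $_
        $provider = 'no private key'
        if ($cert.HasPrivateKey) {
            try {
                $key = $rsaExt::GetRSAPrivateKey($cert)
                if ($key -is [System.Security.Cryptography.RSACng]) {
                    # CNG key: report the KSP name, for example
                    # 'Microsoft Platform Crypto Provider' (the TPM KSP) or
                    # 'Microsoft Software Key Storage Provider'.
                    $provider = $key.Key.Provider.Provider
                } elseif ($key) {
                    # Not surfaced as a CNG key; show the key class instead.
                    $provider = $key.GetType().Name
                } else {
                    $provider = 'non-RSA key (not inspected)'
                }
            } catch {
                $provider = "unreadable: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            NotAfter           = $cert.NotAfter
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            Sha1Signed         = $sha1SigOids -contains $cert.SignatureAlgorithm.Value
            KeyProvider        = $provider
        }
    } |
    Sort-Object -Property Sha1Signed -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with Sha1Signed set to True are candidates for reissue with a SHA-2 signature. The check covers only the certificate's own signature, not the issuing CA certificates in its chain.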