Web Server Certificate For Site System - IIS
In this post, we will see how to deploy the web server certificate for the site system. The certificate is required for SCCM if you are planning to use a PKI environment.
Creating and Issuing the web server certificate template on the CA.
You can create a security group named MECM IIS server. This group contains the member servers (MECM Site Servers) that will run IIS. On the server that has Certificate Services installed, open the Certification Authority console.
Right-click Certificate Templates and click Manage.

A new window will pop up. Select WebServer in the Template Display Name column, right-click it, and select Duplicate Template.

A new window pops up. Make sure Windows 2003 server is selected.

In the same window, select the General tab and provide the template name that you will be using on MECM site systems.

In the Subject tab, make sure Supply in the request is selected.

In the Security tab, remove the Enroll permission for Domain Admins and Enterprise Admins.


Click Add and enter MECM IIS. Select the Enroll permission for this group, and do not clear the Read permission. Click OK.

In the Certification Authority console, right-click Certificate Templates, click New, and then select Certificate Template to Issue.

In the Enable Certificate Templates window, select the certificate template that we created and click OK.

Request Web Server Certificate
Microsoft recommends you restart the member server that runs IIS to ensure that the computer can access the certificate template that you created.
Open certlm.msc on the site system.

Right-click Certificates --> All Tasks --> Request New Certificate

When the Select Certificate Enrollment Policy window pops up, select Next.

On the Request Certificate page, select the MECM MP IIS from the list of certificates.

Click the link "More information is required to enroll for this certificate. Click here to configure settings."
In the Certificate Properties window, select the Subject tab. Leave the Subject name at its default. In the Alternative name section, select DNS from the drop-down list and provide the FQDN of the site system.

Click OK --> select Enroll

Configuring IIS to use the Web Server Certificates
Now we will configure IIS to use the web server certificate. Launch Internet Information Services (IIS) Manager. Expand Sites, right-click Default Web Site, and select Edit Bindings.

In the Site Bindings window, select https and click Edit.

In the Edit Site Binding window, select the certificate that you requested. Click OK.
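
To confirm the result of the steps above, the following PowerShell check reads the certificate bound to HTTPS on Default Web Site and verifies the properties this procedure is meant to produce. It is an added example, not part of the original post; it assumes an elevated session on the site system, that the WebAdministration module is available, and that the DNS name entered in the request is the local machine's FQDN. The function name Test-SiteSystemCertificate is hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the site system.
# Assumptions: the site is 'Default Web Site' and the SAN holds the local FQDN.
Import-Module WebAdministration

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Hypothetical helper: reports the checks that matter for an IIS site system certificate.
function Test-SiteSystemCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Fqdn
    )
    # EnhancedKeyUsageList and DnsNameList are added by the PowerShell Cert: provider.
    $ekuOids  = @($Certificate.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $dnsNames = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    $now = Get-Date

    [pscustomobject]@{
        Thumbprint     = $Certificate.Thumbprint
        Issuer         = $Certificate.Issuer
        HasPrivateKey  = $Certificate.HasPrivateKey                 # IIS cannot serve TLS without it
        ServerAuthEku  = $ekuOids -contains $serverAuthOid          # inherited from the WebServer template
        SanMatchesFqdn = $dnsNames -contains $Fqdn                  # DNS name supplied in the request
        InValidity     = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
        ChainTrusted   = $Certificate.Verify()                      # chain builds to a trusted root
    }
}

# Locate the certificate that the HTTPS binding actually points at.
$binding = Get-WebBinding -Name 'Default Web Site' -Protocol https | Select-Object -First 1
if (-not $binding -or -not $binding.certificateHash) {
    throw "No HTTPS binding with a certificate found on 'Default Web Site'."
}
$certPath = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"

$result = Test-SiteSystemCertificate -Certificate (Get-Item $certPath) -Fqdn $fqdn
$result | Format-List
```

Every Boolean in the output should be True; a False on SanMatchesFqdn usually means the DNS alternative name was mistyped in the request, and a False on HasPrivateKey means the certificate was imported rather than enrolled on this server.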
