Client Certificate for Distribution Points:
Log on to the Certification Authority, right-click Certificate Templates and choose Manage.
Right-click Workstation Authentication and select Duplicate Template.
Choose Windows Server 2003 Enterprise.
Give the certificate template a relevant name.
Open Request Handling Tab and select Allow
Click the Security tab, choose the Enterprise Admins group, remove the Enroll permission and make sure only the Read and Write permissions are given.
Click Add and choose the SCCM Site Servers group. Make sure the Read and Enroll permissions are given. Click Apply and OK.
Return to the Certification Authority and right-click Certificate Templates/New/Certificate Template to Issue.
Select the certificate template you just created.
Requesting the Distribution Points Certificate:
Log on to the Site Server and request the Distribution Points Certificate. To do that, follow the procedure below.
Start/Run/type mmc
Click File/Add-Remove Snap-In
Choose Certificates and click Add
Choose Computer Account
Choose Local Computer/Finish
Expand the Personal certificate store and right-click Certificates/All Tasks/Request New Certificate
Check Distribution Point Certificate, click Details and then Properties. Normally the friendly name is empty for the certificate, but I want to add a friendly name to distinguish the certificates. I will just type ClientCertForDPs as the friendly name.
Now click the Enroll button. After the certificate is installed, click the Finish button.
Right-click the Distribution Points Certificate/All Tasks/Export
Choose Export Format as below.
To keep the exported certificate safe, specify a password.
Enter the path where you are going to keep this certificate, then click Next and Finish. The path should be a shared folder that the SCCM server has the right to access; alternatively, keep the certificate on the SCCM server itself.
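The same request and export can be scripted and checked from an elevated PowerShell prompt on the Site Server. This is an added example, not part of the original walkthrough; the template name and export path are assumptions (placeholders), and only the friendly name ClientCertForDPs comes from the steps above.

```powershell
# Added example. Placeholder values below are assumptions; adjust to your environment.
$TemplateName = 'YourDistributionPointTemplate'   # assumption: the template *name*, not its display name
$FriendlyName = 'ClientCertForDPs'                # friendly name used in the steps above
$PfxPath      = 'C:\Certs\ClientCertForDPs.pfx'   # assumption: export location

# Enroll into the local computer's Personal store (same target as the MMC steps).
$result = Get-Certificate -Template $TemplateName -CertStoreLocation Cert:\LocalMachine\My
if ($result.Status -ne 'Issued') {
    throw "Enrollment did not complete, status: $($result.Status)"
}

# Re-open the certificate from the store so the friendly name is persisted there.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($result.Certificate.Thumbprint)"
$cert.FriendlyName = $FriendlyName

# Check before exporting: the certificate must carry the Client Authentication EKU
# (inherited from the Workstation Authentication template) and have a private key.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains $clientAuthOid) {
    throw 'Certificate lacks the Client Authentication EKU; wrong template was issued.'
}
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key in this store; it cannot be exported as PFX.'
}

# Prompt for the export password so it never appears in the script or shell history.
$password = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

# Export-PfxCertificate fails if the private key is not marked exportable.
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password | Out-Null

# Confirm the file opens with the password and contains the expected certificate.
$pfx = Get-PfxData -FilePath $PfxPath -Password $password
$exported = $pfx.EndEntityCertificates | Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $exported) { throw 'Exported PFX does not contain the enrolled certificate.' }

$exported | Select-Object Subject, Thumbprint, NotAfter
```

Because the PFX holds the private key, limit the NTFS and share permissions on its folder to the accounts that need to import it.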
We have now created all the certificates we need. Some additional configuration is still required, which is what Part 4 covers.