Skip to content

Enterprise Mobility + Security

Update for the Configuration Manager Client Messaging SDK

The Configuration Manager team is pleased to announce that an updated version of the Configuration Manager Client Messaging SDK version 5.1710.1059.1000 is now available on NuGet.org. Notable changes in this version: Support for Cryptography Next Generation (CNG) certificates on Configuration Manager 1710 and newer  Bug fixes and improvements For more information about CNG support in...

Read more

Announcement: How to Request a Certificate with a Custom Subject Alternative Name

[Today’s post comes from Carol Bailey] I’m really pleased to be able to announce a recent publication from the Certificate Services documentation team that will help our customers running Configuration Manager in native mode: How to Request a Certificate With a Custom Subject Alternative Name. There are a couple of native mode scenarios that require...

Read more

Known Issue: Logging Information for Native Mode Certificate Selection

[Carol Bailey has contributed today’s post] A couple of issues recently came to our attention from the TechNet forums with regard to native mode certificate selection when there is more than one available certificate that could be used: When a certificate in the certificate store has expired, we log this and Trace32 highlights it as...

Read more

Updated Blog Post for How to Publish the CRL on a Separate Web Server – for Delta CRLs

[Carol Bailey has updated her previous post “How to Publish the CRL on a Separate Web Server”]    We’ve recently updated our blog post for publishing the CRL on a separate Web server because the instructions were missing the variable <DeltaCRLAllowed> in the paths, which is needed for delta CRLs. As a rule, I’m not fond of...

Read more

Recommendations for PKI Key Lengths and Validity Periods with Configuration Manager

[Today’s post is provided by Carol Bailey] I sometimes get questions from customers about values to set for the key sizes and validity periods for the certificates required for native mode and out of band management in Configuration Manager.  This has been a tough one for me to answer, because in the main, these values...

Read more

How to Publish the CRL on a Separate Web Server

[Today’s post is provided by Carol Bailey] By default, an issuing enterprise CA publishes its certificate revocation list (CRL) to locations within the forest. When you are using Internet-based client management with Configuration Manager, there are scenarios where you might need to publish the CRL on a separate server, outside the forest. These scenarios include...

Read more

Requesting an AMT Provisioning Certificate with Windows Server 2008 CA

[Today’s post is provided by Carol Bailey] With the December documentation update for the Configuration Manager library, we posted a new step-by-step guide for out of band management, to help customers deploy the PKI certificates with a Windows Server 2008 CA (http://technet.microsoft.com/en-us/library/dd252737.aspx).  One of the main differences with this guide from the equivalent step-by-step that...

Read more