How to Deploy Client Certificate for Mac Computers
In this post we will see how to deploy a client certificate for Mac computers. If you want to install SCCM client agents
on Mac computers and manage them in System Center 2012 Configuration Manager, you need public key
infrastructure (PKI) certificates. When you have PKI in place, Configuration Manager can request and install a user
client certificate by using Microsoft Certificate Services with an enterprise certification authority (CA) and the Configuration
Manager enrollment point and enrollment proxy point site system roles. If you don't have PKI in place, you can request and
install a computer certificate independently from Configuration Manager if the certificate meets the requirements for
Configuration Manager. The whole idea of deploying PKI certificates is to secure the communication between the Mac
computers and Configuration Manager.
If you are looking for a step-by-step PKI guide for SCCM 2012 R2, see the guide named below. You must have PKI
configured before you proceed any further.

Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide

Note that the certificate that we create and issue authenticates the Mac client computer to the site system servers
that it communicates with, such as management points and distribution points.

Creating and Issuing a Mac Client Certificate Template on the Certification Authority

Before you create a certificate template, create a security group (for example Mac Users) that contains user accounts for
administrative users who will enroll the certificate on the Mac computer by using Configuration Manager.
On the member server that is running the Certification Authority console, right-click Certificate Templates, and then
click Manage to load the Certificate Templates management console.
In the results pane, right-click the entry that displays Authenticated Session in the column Template Display Name, and
then click Duplicate Template.
NOTE: If you are not using PKI, for certificate installation independent from Configuration Manager always use
the Workstation Authentication template.
In the Duplicate Template dialog box, ensure that Windows 2003 Server is selected. In the Properties of New
Template dialog box, on the General tab, enter a template name to generate the Mac client certificate, such as Mac
Client Certificate.
Click the Subject Name tab, make sure that Build from this Active Directory information is selected, select Common
name for the Subject name format: and clear User principal name (UPN) from Include this information in alternate
subject name.
Click the Security tab, and remove the Enroll permission from the Domain Admins and Enterprise Admins security
groups.
Click Add, specify the security group that you created for users who will enroll the certificate on the Mac computer by using
Configuration Manager, and then click OK. Select the Enroll permission for this group, and do not clear
the Read permission.
In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to
Issue.
In the Enable Certificate Templates dialog box, select the new template that you have just created, Mac Client
Certificate, and then click OK.
The Mac client certificate template is now ready to be selected when you configure client settings for enrollment. In the
upcoming posts, we will see more about installing client agents on Mac computers and managing them via Configuration
Manager.
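
One way to confirm the Subject Name and Security settings made in the steps above, as an added PowerShell example that is not part of the original post. It assumes the RSAT ActiveDirectory module is available, that the template's CN is MacClientCertificate (the name the console would normally derive from "Mac Client Certificate"), and that the enrollment group is the post's example, Mac Users.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module, template CN 'MacClientCertificate' and enrollment group 'Mac Users'.
Import-Module ActiveDirectory

$TemplateCn  = 'MacClientCertificate'   # assumed CN of "Mac Client Certificate"
$EnrollGroup = 'Mac Users'              # example group name used in the post
$NoEnroll    = 'Domain Admins', 'Enterprise Admins'

$EnrollRight       = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$AnyExtendedRight  = [guid]::Empty       # ACE that grants every extended right
$RequireCommonName = 0x40000000          # CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME
$RequireUpnInSan   = 0x02000000          # CT_FLAG_SUBJECT_ALT_REQUIRE_UPN
$EnrolleeSupplies  = 0x00000001          # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT

# Certificate templates live in the forest's configuration partition.
$configNc = (Get-ADRootDSE).configurationNamingContext
$dn = "CN=$TemplateCn,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"
$template = Get-ADObject -Identity $dn -Properties 'msPKI-Certificate-Name-Flag'
$nameFlag = [int]$template.'msPKI-Certificate-Name-Flag'

# Allow ACEs that carry the Enroll extended right. Full Control also matches:
# it sets the ExtendedRight bit (0x100) with an empty object-type GUID.
$canEnroll = (Get-Acl -Path "AD:\$dn").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.ActiveDirectoryRights -band 0x100) -ne 0 -and
    $_.ObjectType -in @($EnrollRight, $AnyExtendedRight)
} | ForEach-Object { $_.IdentityReference.Value }

$checks = [ordered]@{
    'Subject built from AD, not the request'  = ($nameFlag -band $EnrolleeSupplies) -eq 0
    'Subject name format is Common name'      = ($nameFlag -band $RequireCommonName) -ne 0
    'UPN cleared from alternate subject name' = ($nameFlag -band $RequireUpnInSan) -eq 0
    "Enroll granted to $EnrollGroup"          = [bool]($canEnroll -like "*\$EnrollGroup")
}
foreach ($group in $NoEnroll) {
    $checks["Enroll removed from $group"] = -not ($canEnroll -like "*\$group")
}

# One PASS/FAIL line per setting from the procedure.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
```

The check reads explicit Allow entries on the template object only; it does not resolve nested group membership or Deny entries.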