[isalist] Re: SCCM Publishing

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 9 Jun 2009 12:12:28 -0700

That SAN field is required by Windows; not ISA.
In order for a certificate to be valid for authentication, the SAN must contain 
an entry which represents the domain account being authenticated.
Machine accounts are represented as machinename$ in AD.
You'll have to build the SAN value as described in the article or ISA will be 
unable to authenticate the machine account.

Jim.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Alan Roberts
Sent: Tuesday, June 09, 2009 6:07 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] SCCM Publishing

I am trying to set up SSL bridging for interaction between internet based SCCM 
clients and the SCCM MP and am working through the document at 
http://technet.microsoft.com/en-us/library/cc707697.aspx.  All of our clients 
are domain joined laptops and we will be using the internet client 
functionality of SCCM to simply communicate with these domain joined machines 
when they are off site (e.g. at a user's home or on a client site).  All 
computers in the domain are currently automatically issued computer 
certificates from our Windows 2003 enterprise based PKI.  The document above 
however creates custom certificates for issuance to clients that contain a 
Subject Alternative Name with the format: upn=<hostname>$@<domain.tld>, 
something the certificates we currently issue do not include.  Is this SAN 
field required in our scenario or is this only applicable to scenarios 
including internet clients that aren't domain joined and haven't been 
automatically enrolled for computer certificates via Active Directory?

Thanks

Alan

Alan Roberts
Senior IT Services Administrator
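
One way to check whether the computer certificates already issued carry the SAN entry discussed in this thread (upn=<hostname>$@<domain.tld>). This is an added example, not part of either message or of the TechNet article. The function name Test-MachineUpnSan and its parameters are hypothetical, and it assumes an English-language Windows, because the "Principal Name=" label in the formatted SAN text is localized.

```powershell
# Added example: audit certificates in the computer store for the UPN SAN
# that maps a certificate to a machine account (machinename$@domain).
# Test-MachineUpnSan and its parameter names are illustrative, not a built-in cmdlet.
function Test-MachineUpnSan {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$DomainFqdn,
        [string]$MachineName = $env:COMPUTERNAME
    )

    # Machine accounts are named machinename$ in AD, so the expected UPN is host$@domain.
    $expected = '{0}$@{1}' -f $MachineName, $DomainFqdn

    # 2.5.29.17 is the OID of the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

    $upns = @()
    if ($san) {
        # Format($true) renders one SAN entry per line; a UPN otherName is shown
        # as "Principal Name=<upn>" (assumption: English display strings).
        $upns = @(foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match 'Principal Name=(.+)$') { $Matches[1].Trim() }
        })
    }

    [pscustomobject]@{
        Thumbprint  = $Certificate.Thumbprint
        Subject     = $Certificate.Subject
        ExpectedUpn = $expected
        FoundUpns   = $upns
        HasSan      = [bool]$san
        # -contains compares strings case-insensitively, which suits UPN matching.
        UpnMatches  = ($upns -contains $expected)
    }
}

# Run against every certificate in the local computer's Personal store.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineUpnSan -Certificate $_ -DomainFqdn $domain } |
    Format-Table Thumbprint, HasSan, UpnMatches, FoundUpns -AutoSize
```

A certificate that reports HasSan as False, or UpnMatches as False, lacks the machine-account UPN described in the reply above.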




