Mutual Authentication in System Center Essentials 2007
I’ve seen the question come up a few times: “How do I deploy certificates for mutual authentication in SCE?” And the fact is you cannot. SCE requires that agent-managed computers have membership in a domain.
However, SCE does use certificates, just not for mutual authentication between agent and management server.
There are actually 2 certificates used in SCE, both used by the WSUS component:
· WSUSCodeSigning.cer: This is the code signing certificate that the server uses to sign locally published updates. This certificate must be trusted by client computers in order to install locally published updates.
· WSUSSSL.cer: This is the SSL certificate that is used by the WSUS Administration web site. The certificate must exist in the client’s local computer certificate store in order to connect to the Essentials server to check for updates.
NOTE: System Center Essentials does NOT support using certificates issued by a third-party certificate authority for the SSL and Code Signing certificates.
· The hash for these certificates is stored in the registry under HKLM\Software\Microsoft\System Center Essentials\1.0\PolicySettings (SSLCerthash and WSSUCodeSigningCertHash).
· Certificate files should be placed in <EssentialsFolder>\Certificates.
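One way to check the two certificates against the registry hashes on the Essentials server, as an added example that is not from the original post or from Microsoft. It assumes the registry values hold the certificate's SHA-1 thumbprint (as hex text or raw bytes), and `$EssentialsFolder` is a hypothetical parameter standing in for `<EssentialsFolder>`.

```powershell
# Added example: compare the SCE certificate files with the hashes in PolicySettings.
param(
    # Assumption: the real install path; the post only calls it <EssentialsFolder>.
    [Parameter(Mandatory = $true)][string]$EssentialsFolder
)

# Key path from the post (no spaces after the backslashes).
$policyKey = 'HKLM:\Software\Microsoft\System Center Essentials\1.0\PolicySettings'
# Certificate file -> registry value name, both spelled as in the post.
$pairs = @{
    'WSUSSSL.cer'         = 'SSLCerthash'
    'WSUSCodeSigning.cer' = 'WSSUCodeSigningCertHash'
}

function Normalize-Hash($value) {
    # A REG_BINARY value arrives as bytes: turn it into hex text first.
    if ($value -is [byte[]]) { $value = ($value | ForEach-Object { $_.ToString('X2') }) -join '' }
    # Drop spaces, colons and other separators, then upper-case for comparison.
    return ([string]$value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$settings = Get-ItemProperty -Path $policyKey -ErrorAction Stop
$now = Get-Date

foreach ($file in $pairs.Keys) {
    $path = Join-Path (Join-Path $EssentialsFolder 'Certificates') $file
    if (-not (Test-Path $path)) { Write-Warning "$file not found at $path"; continue }

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
    $thumb = Normalize-Hash $cert.Thumbprint
    # Assumption: the stored hash is the SHA-1 thumbprint of the certificate.
    $reg   = Normalize-Hash $settings.($pairs[$file])

    # Names of every LocalMachine store that holds this exact certificate.
    $stores = Get-ChildItem Cert:\LocalMachine -Recurse |
        Where-Object { $_.Thumbprint -eq $thumb } |
        ForEach-Object { Split-Path $_.PSParentPath -Leaf } | Sort-Object -Unique

    New-Object PSObject -Property @{
        File          = $file
        Thumbprint    = $thumb
        RegistryMatch = ($reg -eq $thumb)
        Expired       = ($cert.NotAfter -lt $now)
        InStores      = ($stores -join ', ')
    }
}
```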