Category Archives: SCMDM

DojoCert – Certificate Enroller

I promised a few days ago that I’d tidy up some code and release the certificate enroller utility. So here it is, in a CAB file and ready for consumption.
Since I covered most aspects in my previous article I’ll keep this short.
I am aware that my naming convention for my small utilities is rather dull. [...]

Enrolling Personal Certificates with SCMDM

User certificates have been sort of an illusion when it comes to Windows Mobile. They’ve been around for a while, but there have been a few obstacles to implementing them. Granted, it’s partly due to the fact that not everyone is comfortable setting up a CA, and possibly doesn’t require one either. Another part is the general understanding of how Windows Mobile works. (Maybe there is a PKI guru in the company, but he doesn’t know what provisioning XML means, and the Windows Mobile guru doesn’t know how the CA works, and you’ve got things going.) Maybe I’m painting a dark picture, but I’m just saying it’s a possible obstacle. And there are of course many companies who are using certificates with success too, for that matter.

Taking a closer look at your options for enrolling certificates in an easy way.

Implementing a dedicated CA/PKI for SCMDM

System Center Mobile Device Manager 2008 is a demanding product to install in your infrastructure. You need to be able to work out firewalls, routing, and the usual things, but in addition you need a CA to issue certificates. There are a couple of possible responses from customers and system integrators to this requirement:
- “No biggie. I’ll just install a new CA, and hit next-next-next in the wizard.”
- “How do we integrate it with our current PKI infrastructure?”
- “Sounds complicated. Do I have to install a bunch of servers just to get certificates for some mobile devices?”

(…)

In this post I will try to build a CA dedicated to use in an SCMDM scenario, and restrict it to work only for this purpose.