Jump to content


How can I configure System Center Configuration Manager in HTTPS mode (PKI) - Part 1

Recommended Posts

My company is reviewing security vulnerabilities, and this certificate (specifically, the IIS certificate), comes back as vulnerable because the subject name is supplied in the request. I'm wondering if this option can be replaced with using the option to build the subject name from AD, as long as it includes the fully distinguished name DNS name for the SAN. 

Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1) - Microsoft Defender for Identity | Microsoft Learn

I understand that it may cause issues if you're doing IBCM, but we have DirectAccess and clients are encouraged to use FQDN wherever possible (to enforce Kerberos), so I'm just curious if I can have the certificate configured as I described, or should I just enable manager approval? 

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.