SCCM Third party certificates for IBCM?

[glen8 3]

Hi Everyone,

We have an SCCM CB IBCM server within our DMZ serving up updates for our internet based laptop users.  Today we ran an external vulnerability scan to health check the security of our network.  The report flagged up a red mark against our IBCM server due to not using third party certificates.  "Due to using an internally generated certificate the server is unable to verify it"  or words to that effect.

I'm sure I'm correct in saying that each an every client much have a unique certificate for SCCM to work, and using a third party cert would be incredibly expensive if we had to purchase 100s of them for each client.

Can someone please confirm the correct usage of certificates in an IBCM scenario please.  Should we be using third party certs, or carry on using the current internal ones.  Thanks!

[Judical 0]

The access point should be using a third party cert, not your client machines.
 

-Judical

[glen8 3]

On 11/6/2018 at 2:36 PM, Judical said:

The access point should be using a third party cert, not your client machines.
 

-Judical

Thanks very much,

In nearly every guide I've read on IBCM, there is only ever the mention of creating the certs yourself.  I did wonder if you could mix a 3rd party certificates on the server, with internal ones for clients.

Now I know you can, we'll get one ordered and installed.