Automatically via Active Directory
>
If your computers are a member of the domain and the schema has been extended for Configuration Manager 2007, it is recommended to use Active
Directory to obtain the internet site server signing certificate due to the fact it is additional secure and calls for much less management overhead. On the other hand, if your computers belong to numerous forest than your web-site server, are members of a workgroup, or managed by way of the Online, you will not be able to use Active Directory to obtain the certificate.
Manually when the Configuration Manager 2007 Client is Installed If you will need to install the web site server signing certificate when the Configuration
Manager 2007 client is installed, use the SMSSIGNCERT selection to specify the path to the exported certificate. This will install the certificate to the neighborhood machine so that it is ready for use. Automatically via the Management Point
If the Configuration Manager client can't get the web site server signing certificatevia Active Directory and it is not installed locally, it will attempt to download it from the management point. If your customers are managed on the World-wide-web, this regarded as the least secure technique. If your management point only accepts clients, but, this is a lot more secure just because the certificate is not getting deployed via the Online.
