Chapter 2. Implementing Security with Certificates

One of the most overlooked subjects when setting up Configuration Manager is the need to implement security. The requirements for this are purely on a per-customer basis. Very few industries will require this level of encryption for this type of data, unless they are supporting Internet-facing clients. Regardless of whether you are using certificates or not, information in Configuration Manager can be signed and encrypted. This is very useful and usually satisfies the majority of security requirements.

If this is not the case for your implementation, then you need to look at using certificates. In this chapter, we will look at certificates in detail from top to bottom; this will include looking at the following topics:

• How to plan for certificates
• How to set up secure communication using PKI and HTTPS
• How to deploy certificates to domain joined workstations
• How to deploy certificates to workgroup workstations