Over the last little while I have been updating or releasing new certificate blogs to help with setting up HTTPS for Power BI Report Server (PBRS) or SQL Server Reporting Services (SSRS). This also included more generic blogs, such as how to request a cert. Since they are all over the place, I made this blog to link to them all, making it easier for you to find all of the blogs in one place. Each blog has also been updated to include a video.
At the same time, if you want to skip the blogs and go directly to the videos, you can find them all on the Ask Garth YouTube Channel.
What is AD CS?
AD CS stands for Active Directory Certificate Services. It is a role in the Windows Server operating system that provides customizable services for issuing and managing public key infrastructure (PKI) certificates. PKI involves the use of public and private keys to secure communication, authenticate users, and ensure the integrity of data.
Common use cases for AD CS include securing communication between computers, implementing virtual private networks (VPNs), enabling secure email communication (S/MIME), and authenticating users in web applications through the use of client certificates.
In summary, Active Directory Certificate Services is a crucial component in the Windows Server environment, providing a scalable and flexible infrastructure for managing digital certificates and enhancing the security of network communications.
At any rate, as a ConfigMgr administrator you will leverage PKI and certificates a lot! As a result, below are a number of certificate blogs on my journey to secure my lab that you will find helpful.
How Does ConfigMgr use PKI?
Microsoft Configuration Manager (ConfigMgr) can use PKI to enhance the security of communication between its various components and clients. PKI is a framework that involves the use of digital certificates and cryptographic keys to secure communication and verify the identity of entities. In the context of ConfigMgr, PKI is typically used for securing the communication between SCCM site servers, clients, and other related components.
Here are some ways ConfigMgr uses PKI:
ConfigMgr uses PKI to authenticate and secure communication between different ConfigMgr site systems. This includes communication between site servers, distribution points, and other site systems. Digital certificates are used to verify the identity of these systems, ensuring that communication is secure and that ConfigMgr components can trust each other.
PKI is used to authenticate ConfigMgr clients. Each client is issued a digital certificate, and this certificate is used to verify the identity of the client when it communicates with SCCM. This helps prevent unauthorized clients from accessing ConfigMgr services.
PKI is used to establish secure and encrypted communication channels between ConfigMgr components and clients. This is important for protecting sensitive information, such as deployment packages, software updates, and inventory data, as it travels between different components in the ConfigMgr infrastructure.
ConfigMgr can be configured to use HTTPS for communication between clients and site systems, including distribution points and management points. PKI is used to secure the HTTPS communication by providing the necessary digital certificates for encryption and authentication. This also includes Power BI Report Server (PBRS), SQL Server Reporting Services (SSRS), Windows Server Update Services (WSUS), etc.
Client PKI Certificate Enrollment:
ConfigMgr can be configured to assist in the enrollment of PKI certificates for clients. This involves automatically requesting and renewing certificates for clients to ensure that they have valid certificates for secure communication.
It’s important to note that while PKI can enhance the security of ConfigMgr communications, implementing PKI in a ConfigMgr environment requires careful planning and configuration. This includes setting up a PKI infrastructure, issuing and managing digital certificates, and configuring ConfigMgr to use PKI for secure communication. Additionally, organizations need to consider factors such as certificate revocation and renewal to ensure the ongoing security of the ConfigMgr environment.
As a ConfigMgr administrator you will leverage PKI and certificates a lot! Below are a number of certificate blogs on my journey to secure my lab that you will find helpful.
Learn the basics of Active Directory Certificate Services (AD CS) with this easy-to-follow guide for Microsoft Configuration Manager (ConfigMgr) administrators.
Learn how to configure Active Directory Certificate Services (AD CS) in this step-by-step guide. Gain the skills necessary to install AD CS and become a SCCM administrator with confidence. Install and configure a simple AD CS for a lab environment.
Need assistance on how to request a certificate for a PBRS or SSRS setup? This guide and video tutorial will help you achieve secure access to your server with HTTPS.
Configure your SQL Network Service account for ConfigMgr and RBA for use by PBRS. Get the essential details from this blog post by an expert ConfigMgr admin.
For ConfigMgr in particular, not using the Network Service account can lead to issues with role-based administration. This blog will show you how to change the PBRS account to the Network Service account.
Learn how to easily set up PBRS or SSRS to use a certificate with this detailed guide. Follow the steps as explained and get HTTPS/SSL working on PBRS or SSRS in no time.
Follow this article to securely remove port 80 from PBRS. Get instructions on setting up PBRS or SSRS with certificates to guarantee secure network access.
Eliminate annoying certificate messages in RDCM and Remote Desktop Connection (RDC) by creating RDP certificates like a pro! Once I started down the certificate server path in my lab, I wanted to suppress the RDP cert errors. This blog will show you how to create the cert needed for that.
Discover how to configure a Group Policy Object (GPO) for RDP certificate enrollment. It also includes a step-by-step guide and video to ensure fast configuration. Learn how to confirm successful enrollment.
Learn how to delete reports and folders from your PBRS server quickly. Learn how to remove linked reports and PBIX files with this comprehensive guide. This is not strictly related to certificates, but when you have SSRS or PBRS connected to ConfigMgr, you can end up with extra “ol_” folders. This blog will show you how to remove them.
Make sure that your environment is secure with a code signing certificate. Learn how to request and enroll a user account and create your own code signing certificate using AD CS. Learn the steps with this article.
Lastly, keep PowerShell scripts and your environment secure with code signing. Learn the right way to use the powerful tool of PowerShell for Configuration Manager.
If you have any questions about certificate blogs for ConfigMgr admins, please feel free to contact me @GarthMJ.