Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 2

November 30, 2009 at 4:45 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

In my previous post I have talked about  the summary of Prerequisites required for OOB Management in SCCM at http://scug.be/blogs/sccm/archive/2009/11/27/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-1.aspx .

Now we will talk about the 3rd Party Remote Configuration Certificate that is needed on each OOB Service Point to Provision Intel vPro technology based systems (e.g. VeriSign, GoDaddy, Comodo, and Starfield).

Optionally you can generate your own certificate Provisioning Certificate from your Enterprise CA but that will require you to enter the certificate hash on each machine that you have in you’re environment. We do not want this , so we will selected in our case our third party vendor , nl Godaddy.com

You normally only need one OOB Service point in your organisation per forest , unless you go for a multidomain certificate. Those are way more expensive than a single domain certificate.

To acquire a certificate from Godaddy.com you will need to perform the following steps :

  1. You must purchase ‘Deluxe SSL’ or ‘Premium SSL’ from GoDaddy. ‘Standard SSL’ will not work !
  2. Key items that are detailed in the steps below that were required to get my certificate:
  3. ○ Certificate type must be a Deluxe Assurance SSL certificate

    ○ Certificate request is for an Organization

    ○ OU = Intel(R) Client Setup Certificate

    ○ CN = ServerName.domain.com (this must be the FQDN of the Provisioning Server for Remote Configuration generating the CSR)

    ○ Organization = The legal name of your organization that can approve your certificate request

    ○ Required Documentation to be submitted (Your Passport, Bank Statement, and Approval Letter on Company Letterhead)

  4. To generate the CSR you need to perdorm the following steps :
    • In Windows 2008 with IIS 7 :
      • Go to Internet Information Manager as shown below and select “Server Certificates”

                     1

      • In the “Server Certificates”window  , select “Create certificate request”

                               2 

      • In the “Request Certificate”window  , Fill in all the necessary fields

                               3

      • Select a minimum of 2046 bits encryption

                               4

      • Save the request to a file you specify . You will need this file when your perform your request by the third party  certificate provider.

                               5 

      • When finished , it should look like this :

                               6

How to purchase a godaddy intel Vpro certificate is explained here : http://communities.intel.com/community/openportit/vproexpert/blog/2008/03/03/steps-to-purchase-a-godaddy-certificate-for-the-purpose-of-vpro-remote-configuration

In part 3 we will explain how to import the Vpro certificate and to export the certificate again for the use of the OOB role in system Center config manager.

 

Hope it Helps ,

 

Kenny Buntinx

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest