We have a Certfication Authority Server running on Windows Server 2008 Standard Edition. I do not want to purchase a 3rd party provisioning certificate from GoDaddy or VeriSign. Instead, I want to create my own internal provisioning certificate for vPro management through SCCM 2007. Can I do this with the Standard Edition or does my Certification Authority server absolutely require Enterprise Edition? If Enterprise Edition is a requirement, I assume I have 2 options - purchase a 3rd party provisioning certificate or add/migrate to Server Enterprise and install the Certification Authority role on that server. Can someone please confirm? Thanks!
The process involves creating v2 templates (Windows Server 2003 enterprise) of the provisioning certificate and Web Server certificate. The standard edition cannot issue such template. You will need to add (or migrate) your CA using the Server Enterprise edition.
http://technet.microsoft.com/en-us/library/dd252737.aspx Step-by-Step Example Deployment of the PKI Certificates Required for AMT and Out of Band Management: Windows Server 2008 Certification Authority
Thanks for the reply, but I've been doing additional research on this and multiple sources are stating that Windows Server 2008 R2 Standard Edition can also issue version 2 certificates. Can you confirm this? It will be much easier to upgrade a server to R2 than to add to or migrate my CA server to Server Enterprise Edition.
Windows Server 2008 R2 is able to issue version 2 certificate templates. When using your own internal CA to supply the provisioning certificate there are a couple of things to remember. The first is to make sure you create a Windows 2003 server supported certificate template. The second is you will need to add the root certificate hash into the Intel AMT firmware of each vPro computer.