ITMS Administrator Group

  • 1.  SSL cert for ITMS 7.5 using internal MS CA

    Posted Apr 21, 2014 04:46 PM

    I'm preparing to upgrade from ITMS 7.1 to 7.5.  One requirement is to switch to SSL / HTTPS if planning to implement CEM, which we are.  In discussions late last year, I know I was told we could use either self signed certs, public certs, or internal CA certs.  However, none of the documentation mentions the option of an Internal CA and I've had a rough time generating the proper cert using our internal MS CA.  

    So far I have a cert and imported it using the cert MMC but it doesn't show up as an option to bind https within IIS.  When I try to import via IIS, it wants a PFX file but the cert I have is in P7B format.  

    Has anyone successfully implemented ITMS 7.5 w/ CEM using an internal CA?  If so, can you share any tips you have on what template to use, options to enable, etc.  Since I'm not a cert expert, I was hoping to find a step by step instruction set for creating the cert but I've only been able to find that for the self signed cert.  

    Yes, I've been over all the documentation in the admin guide, the upgrade guide.  The cert creation instructions are limited to the steps documented in this KB: http://www.symantec.com/business/support/index?page=content&id=HOWTO93188 



  • 2.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Broadcom Employee
    Posted Apr 23, 2014 01:57 PM

    Hi JoeVan,

    I've sent some information to you. It will probably be useful.

    Thanks,

    IP.



  • 3.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Posted Apr 23, 2014 02:32 PM

    I am in the exact same boat.

    Igor or Joe, would one of you send me the same info?



  • 4.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Broadcom Employee
    Posted Apr 23, 2014 02:43 PM

    Hi ziggy,

    I've sent it to you as well.



  • 5.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Posted Apr 23, 2014 02:47 PM

    Why not add it to this thread so that everyone can benefit from it?



  • 6.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Broadcom Employee
    Posted Apr 23, 2014 03:04 PM

    Hi Scott! OK :-) I thought that such information would not be very useful, so I just sent a message with a couple of marks.

     

    I have a test environment with ITMS 7.5 HF4, where the ITMS server, Site Server and client computers are joined to Active Directory, and where "Active Directory Certificate Services" is installed.

    In Active Directory we have a Group Policy which delivers an internal CA to each joined computer, so each client computer has its own certificate issued to its own FQDN and signed by our Domain in this AD.

    Each computer where IIS is installed is able to use this certificate for its own Web Site. That is what I've used for the ITMS 7.5 Web Site server.


    I've also used the same certificate for the "CEM Web Site" as well as for the ITMS 7.5 Web Site.

    And I saw that the SMA on my client computer {Win7SP1x64} was successfully switched to CEM mode and communicated with the ITMS server via the CEM Gateway.

    Note: 

    • The Windows Server 2008 R2 SP1 x64 machine, where I've set up the CEM gateway, was also joined to the same Active Directory that the ITMS server, Site Server(s) and clients were joined to.

    Summary:

    • For me it worked, and it seems like it should work for you as well.

     

    Here is a video that shows how to set up/configure a certificate with ADCS:

    http://www.youtube.com/watch?v=9tw0QNqHlkA

     

    Thanks,

    IP.



  • 7.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Posted Apr 23, 2014 08:05 PM
    If you know how to issue a cert that has Server Authentication under Key Usage, you would request it from your SMP server, and add/set usage of that cert in IIS settings (the admin guide shows how to do that in IIS). I've done this in both my prod and dev environments and my clients connect properly over SSL. We have Microsoft AD Certificate Services as our PKI. As for the CEM gateway, as I understand it, it only works with its self signed cert, but that cert is delivered to cem enabled agents.
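
Added example, not part of any post in this thread: a PowerShell check of the machine's Personal store for the conditions discussed above, namely an associated private key (a P7B file carries only certificates, a PFX also carries the key), the Server Authentication usage, the server's FQDN, and the validity period. The function name `Test-IisBindingCandidate` and the FQDN `smp.example.local` are placeholders.

```powershell
# Added example: reports why a certificate in LocalMachine\My may be unusable
# for an IIS HTTPS binding. Function and parameter names are hypothetical.
function Test-IisBindingCandidate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # The FQDN that agents use to reach the server.
        [Parameter(Mandatory = $true)]
        [string]$Fqdn
    )
    process {
        $problems = @()

        # A certificate imported from .p7b/.cer has no private key on this machine.
        if (-not $Certificate.HasPrivateKey) { $problems += 'no private key' }

        # Enhanced Key Usage: 1.3.6.1.5.5.7.3.1 is Server Authentication.
        # A certificate with no EKU extension is not restricted to specific purposes.
        $eku = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if ($oids -notcontains '1.3.6.1.5.5.7.3.1') { $problems += 'no Server Authentication EKU' }
        }

        # Names: subject DNS name plus any Subject Alternative Name entries (OID 2.5.29.17).
        # Exact match only; wildcard names are not evaluated here.
        $names = @($Certificate.GetNameInfo('DnsName', $false))
        $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += @($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[-1] })
        }
        if ($names -notcontains $Fqdn) { $problems += "name does not match $Fqdn" }

        $now = Get-Date
        if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
            $problems += 'outside validity period'
        }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

# smp.example.local is a placeholder; substitute the Notification Server's FQDN.
Get-ChildItem Cert:\LocalMachine\My |
    Test-IisBindingCandidate -Fqdn 'smp.example.local' | Format-List
```

A result of `no private key` matches the symptom in the first post: the certificate is in the store, but the key from the original request was never associated with it on this machine.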


  • 8.  RE: SSL cert for ITMS 7.5 using internal MS CA

    Broadcom Employee
    Posted Jun 22, 2014 10:55 AM

    JoeVan,

    I think that this question can be closed, since you've already implemented the CEM environment and it works :-)