You can configure Device Manager with Microsoft Active Directory
Certificate Services (Microsoft Certificate Services) to generate user
certificates for certificate-based authentication. Device Manager can also be
configured as a registration authority to generate requests and to issue device
identity certificates with Microsoft Certificate Services. In addition, you can
configure Device Manager to use external SSL server certificates and digital
signature certificates from other PKI-trusted certificate authorities.
Important: Changing the digital signature certificate or
the SSL certificate authority disables the management of currently enrolled
devices and requires reenrollment of all devices.
Device Manager makes certificate requests to Microsoft Certificate
Services through web enrollment, acting as a client to Microsoft Certificate
Services and requesting certificates on behalf of users with enrolled devices.
This section describes how to create a Microsoft Certificate Server entity and
how to configure Device Manager to request certificates for users.