RS1 Posted April 1, 2014 Report post Posted April 1, 2014 An external consultant recently installed SCCM 2012 ( SP1 ) in our US office. This runs with a Server 2012 PKI issuing certificates via GPO> Windows 7 and Windows 8 machines receive the certificate correctly. Everything looked great until the manager announced that there were 120+ XP machines he had not previously disclosed. The XP machines did not receive the certificate until we changed the Intermediate CA with the certutil -setreg CA\InterfaceFlags -IF_ENFORCECRYPTICREQUEST command as documented in a Microsoft forum. Once that change was made certificates began to issue to Windows XP machines. However, the client shows a Certificate of NONE. Investigating the certificate I found a message in the general tab which states; The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered. When I look at the Certification Path of the certificate I can see the following ROOTCA The cert is OK. Intermediate CA This cert is OK. PCName.domain.com - This cert has a big red X on it with the message un the status box which reads "This certificate has an nonvalid digital signature" We have developed a number of packages for an upcoming migration ( we travel to the US at the weekend ) and, without a fix here, the manual work will prevent the trip from occurring. Ultimately we'd say "XP isn't supported next week. You should have decommissioned these machines" but that cant happen with all flights and hotels booked. Can anyone point me in the right direction please? What do I need to do to get these to accept the certificate? Quote Share this post Link to post Share on other sites More sharing options...
