The biggest problem, for me, with Native Mode were all the certificates that were needed. That’s why I created an table for myself with the basic certificates that are needed for Native Mode and where to add them. The “Where to add” column is based on Windows Server 2008.
ConfigMgr Component | Use | Where to add |
Primary Site Server | Document Signing | ConfigMgr > Site Management > Site Database > Properties Primary Site > Tab Site Mode |
Management Point, Proxy Management Point, Distribution Point, Software Update Point en (State Migration Point) | Server Authentication (Web Server Template) | IIS > -Right-click- Sites > Edit Bindings > HTTPS -Edit- |
Client computers | Client Authentication (Computer Template) | GPO > Policies > Computer Configuration > Windows Settings > Security Settings > Public Key Policies > -Right-click- Certificate Services Client –Auto-enrollment |
Operating System Deployment/PXE | Client Authentication (Workstation Template) Don’t forget the option: Allow Private Key to be exported | ConfigMgr > Site Management > Site Database > Primary Site > Site Settings > Site Systems > Properties ConfigMgr PXE Service Point > Tab Database |
Root CA for OSD | Root | ConfigMgr > Site Management > Site Database > Properties Primary Site > Tab Site Mode > Specify Root CA Certificates… |
For more detailed information: http://technet.microsoft.com/en-us/library/bb680733.aspx