Digital certificates are increasingly used to authenticate and authorize entities, such as non-domain-joined clients on a network. The entity typically must prove its identity (authenticate itself) as a precondition for receiving a service from the server, and it may do so with a digital certificate. As an example, the server may provide "management" services such as hardware or software inventory, software distribution, patch management, OS imaging, compliance monitoring and management, status reporting, and so forth.
The digital certificate includes information indicating that the entity is vouched for by an independent source known as a Certificate Authority (CA). The Certificate Authority generates the certificate by signing, with its own private key, a structure that binds the entity's public key to the entity's identity; a server that checks this signature against the CA's public key can establish that the certificate was issued by that particular Certificate Authority and not by an imposter. If the Certificate Authority is trusted by the server, a valid certificate confirms that the presented public key belongs to the named entity. The certificate alone does not prove that the party presenting it is that entity; the entity must also demonstrate possession of the corresponding private key, for example by signing a challenge from the server. Certificates are supported on a variety of platforms, hardware, and operating systems, such as Windows-based computers, handheld electronic data devices, embedded computers, mobile phones, smart cards and so forth.
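The exchange described above, written out as an added example (it is not code from the original text or from any product it mentions): a CA signs a client certificate, the server validates the certificate against the CA it trusts and then checks that the client can sign a fresh nonce with the certified key. The CA name "Corp Issuing CA" and the client name "laptop-0042" are constructed for the example. The demo also shows the two failure cases the text implies: a certificate from an imposter CA that copies the trusted CA's name, and a genuine certificate presented by someone who does not hold its private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on setup errors (key generation, certificate creation); only the server's verdict is a value.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func keyGen() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// sign encodes tmpl as a certificate signed by signer (parent == tmpl yields a self-signed cert).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA creates a self-signed CA certificate for key. The CA name is supplied by the caller.
func newCA(name string, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return sign(tmpl, tmpl, &key.PublicKey, key)
}

// issueClientCert is the CA step: the CA binds clientName to clientPub by signing with its own private key.
func issueClientCert(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, clientName string, clientPub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: clientName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return sign(tmpl, caCert, clientPub, caKey)
}

// clientSign is the entity's proof of possession: it signs the server's nonce with its private key.
func clientSign(clientKey *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, clientKey, h[:])
}

// serverVerify is the server step: the certificate must chain to the trusted CA and carry the
// client-authentication EKU, and the nonce signature must verify under the certified public key.
func serverVerify(trustedCA, clientCert *x509.Certificate, nonce, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := clientCert.Verify(opts); err != nil {
		return "", fmt.Errorf("chain validation failed: %w", err)
	}
	pub, ok := clientCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("unexpected public key type %T", clientCert.PublicKey)
	}
	h := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", fmt.Errorf("proof of possession failed for %q", clientCert.Subject.CommonName)
	}
	return clientCert.Subject.CommonName, nil
}

// Demo runs the exchange three ways: genuine CA with the matching key (accepted), an imposter CA
// that copies the genuine CA's name (rejected), and a genuine certificate used without its key (rejected).
func Demo() (accepted, imposterRejected, wrongKeyRejected bool) {
	caKey, fakeKey, clientKey, strangerKey := keyGen(), keyGen(), keyGen(), keyGen()
	caCert := must(newCA("Corp Issuing CA", caKey)) // constructed name
	fakeCA := must(newCA("Corp Issuing CA", fakeKey)) // same name, but not the trusted key
	goodCert := must(issueClientCert(caKey, caCert, "laptop-0042", &clientKey.PublicKey))
	fakeCert := must(issueClientCert(fakeKey, fakeCA, "laptop-0042", &clientKey.PublicKey))
	nonce := make([]byte, 32) // server-chosen challenge, fresh for every authentication attempt
	must(rand.Read(nonce))
	name, err := serverVerify(caCert, goodCert, nonce, must(clientSign(clientKey, nonce)))
	accepted = err == nil && name == "laptop-0042"
	_, err = serverVerify(caCert, fakeCert, nonce, must(clientSign(clientKey, nonce)))
	imposterRejected = err != nil
	_, err = serverVerify(caCert, goodCert, nonce, must(clientSign(strangerKey, nonce)))
	wrongKeyRejected = err != nil
	return
}

func main() { fmt.Println(Demo()) }
```

The imposter case is rejected even though the fake CA uses the trusted CA's exact name, because trust is anchored in the CA's key, not its name: the server's root pool contains only the genuine CA certificate, and the signature on the forged client certificate does not verify under that key. The third case is why the nonce signature matters in practice: anyone who can obtain a copy of a certificate (they are not secret) would otherwise be able to impersonate its subject.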
Today, certificate provisioning and maintenance are integrated with security identity management systems such as, for example, Active Directory®, available from Microsoft® Corporation of Redmond, Wash. These systems typically use the client's domain identity as the basis for certificate issuance, renewal, and other purposes. For example, a computer can be joined to a domain by using "special domain join" or "Domain User" credentials. These domain join credentials are set by the administrator, who may define one or many of them per domain, and they must be presented in order to join the domain. An example is a change and configuration management product like System Center Configuration Manager (SCCM) 2007, also available from Microsoft® Corporation of Redmond, Wash. SCCM 2007 manages various clients including Windows® desktops, laptops, servers, mobile phones, personal digital assistants, embedded devices, non-Windows® operating system devices, and the like. When these clients are domain-joined, a classic public key infrastructure (PKI) can provide certificate management and identity verification for them.