In some situations, an administrator of System Center Mobile Device Manager 2008 (SCMDM) must manually request a Gateway Configuration Management (GCM) certificate from the Certificate Authority's (CA) web enrollment page. If the server hosting the web enrollment page has been updated with the hotfix described in Knowledge Base article KB922706, the option to "Store certificate in the local computer certificate store " will not appear.
The hotfix changes the web enrollment page to support clients using Windows Vista, Windows Server 2008, Windows 7 and later clients. The underlying ActiveX control invoked by the "Store certificate in the local computer certificate store" checkbox no longer runs when the fix is applied, even if the client requesting the certificate is running an OS prior to Windows Vista.
1) One workaround would be to install only the web enrollment tool on a server hosting IIS, and pointing to the issuing CA currently used by SCMDM. Do not install the hotfix for 922706 on this server. The "Store certificate in the local computer certificate store " checkbox should be available.
Note: If the web enrollment tool has been installed on a server hosting IIS that does not have the hotfix, but points to an issuing CA other than the one previously used by SCMDM, the certificate for the issuing CA must also be installed on any server receiving a certificate from the web enrollment tool.
2) An alternate workaround, if option 1 is not available:
Open a MMC on one of the CAs and add the Certificate Templates snap-in.
Double click on the SCMDMGCM template and go to the Request Handling tab of the property dialog.
Check the Allow private key to be exported checkbox. Click Apply. Click Ok.
Follow the section "Create and Install certificates from the SCMDMGCM Template" section of the Manual Certificate Procedures chapter of the SCMDM Deployment Guide.
Open a MMC on the DM server and add the Certificates snap-in for "My User Account". Add the Certificates snap-in for "Computer Account".
Under "Certificates - Current User", expand the Personal store, highlight Certificates.
Right click on the certificate issued using the GCM certificate template and choose Export. Select the option to export the private key and accept the default format. Save the certificate to the desktop.
Under "Certificates (Local Computer)", expand the Personal store, highlight Certificates.
Right click on Certificates, click on All Tasks, then select Import...
Browse to the file you just saved on the desktop.
Verify that the Place all certificates in the following store option is selected and that the Personal store of the local computer is selected.
Finish the "import certificate" wizard and verify that the GCM certificate (and private key) have been successfully imported.
Note: You will have to complete the Provide Network Service Permissions to the Certificate section of the Manual Certificate Procedures chapter after completing this workaround.