Contents

Defines one or more certificate issuers that Nomad will use to select the appropriate PKI certificate for the:

  • Configuration Manager (CM) client authentication certificate - used when downloading over HTTPS from Distribution Points and when communicating with Management Points during pre-caching
  • Nomad Server Authentication certificate - used to share content between peers over HTTPS
  • Client Authentication certificate - used for certificate-based client authentication when sharing content between peers over HTTPS.

In most cases Nomad will be able to identify a suitable certificate in the Local Computer Personal certificate store without needing to specify CertIssuer (refer to Peer copy over HTTP or HTTPS: Certificate Selection for more details). You should use CertIssuer if the CM client is not using PKI certificates and there are multiple Client Authentication certificates issued by different Certificate Authorities in the store, and if there is a chance some of those certificates may not be trusted by other peers or CM site systems.

Registry valueDefault valueNotesInstaller property
CertIssuer" "

Set this value to the name of the certificate issuer (Certificate Authority (CA)) that Nomad should use to select the appropriate PKI certificate. A case-insensitive substring-within-a-string match is performed.

If you have multiple CAs you can specify a:

  • Common sub-string (e.g. "CORPCA" would work for certificates issued by CORPCA1 or CORPCA2)
  • Comma-separated list of certificate issuers (both exact names or substrings are acceptable values). For example, "DigiCert,Thawte,Verisign" would work for certificates issued by DigiCert, DigiCert EV, Thawte or Verisign. 

If you are only using HTTPS for downloading from an HTTPS DP (That is, not using HTTPS for peer-to-peer data transfer) you can leave this blank and set CertSubject instead. 

MODULE.NOMAD.CERTISSUER