Using a certificate acquired from one of the supported certificate authorities is best practice. Especially if you're looking to remote configure that many computers. Here is a guide for each of the supported certificate authorities.
After receiving a provisioning certificate, you will want to use SCS 9 to configure them.
If you do end up using SCCM 2012, you can integrate SCS 9 using the SCS Add-on.