Updated: 5 days ago
Microsoft deprecated HTTP-only communication in Configuration Manager to increase security. The HTTP-only communication will not be supported with first release after Oct 31, 2022. Hence, existing infrastructure should be configured for HTTPS based communication in ConfigMgr.
The HTTPS communication can be enabled using PKI certificates. The HTTPS communication is also required for Management Point if you want to use Cloud Management Gateway (CMG) to support internet-based clients. If you are not ready for HTTPS based communication for all clients and need HTTPS management point for CMG only then dedicate a management point for CMG and configure that one for HTTPS.
In this blog post, we will walk through the SSL requirements and configuration for SCCM management point. We will use SSL certificates from Microsoft Public Key Infrastructure (PKI)
Table of Contents
Create AD Group for ConfigMgr IIS Servers
Create an AD Group with SCCM IIS Servers name and add SCCM site system server (e.g, Management Point) member of this AD group. When we will issue a Web server authentication certificate later, the certificate enrollment permission will be granted to this AD group.
Issue Server Authentication Certificate for SCCM IIS Site System Servers
On the server running the certification authority, open the Certification Authority Console, right click Certificates Templates and select Manage