Configure Management Point for HTTPS | ConfigMgr | SCCM

Updated: 5 days ago

Microsoft deprecated HTTP-only communication in Configuration Manager to increase security. The HTTP-only communication will not be supported with first release after Oct 31, 2022. Hence, existing infrastructure should be configured for HTTPS based communication in ConfigMgr.

The HTTPS communication can be enabled using PKI certificates. The HTTPS communication is also required for Management Point if you want to use Cloud Management Gateway (CMG) to support internet-based clients. If you are not ready for HTTPS based communication for all clients and need HTTPS management point for CMG only then dedicate a management point for CMG and configure that one for HTTPS.

In this blog post, we will walk through the SSL requirements and configuration for SCCM management point. We will use SSL certificates from Microsoft Public Key Infrastructure (PKI)

Related Post:

Configure Software Update Point for SSL | ConfigMgr | SCCM

Deploy client authentication certificate for SCCM clients

Table of Contents

Create AD Group for ConfigMgr IIS Servers

Create an AD Group with SCCM IIS Servers name and add SCCM site system server (e.g, Management Point) member of this AD group. When we will issue a Web server authentication certificate later, the certificate enrollment permission will be granted to this AD group.

Issue Server Authentication Certificate for SCCM IIS Site System Servers

On the server running the certification authority, open the Certification Authority Console, right click Certificates Templates and select Manage