How To Configure PKI for Microsoft SCCM to Use HTTPS/SSL Instead of HTTP

Published on Apr 21, 2024. This response is partially generated with the help of AI. It may contain inaccuracies.

Step-by-Step Tutorial: Configuring PKI for Microsoft SCCM to Use HTTPS/SSL Instead of HTTP

  1. Install Enterprise Certificate Authority on Domain Controller:

    • Go to your domain controller and install the Enterprise Certificate Authority.
    • Choose to add a new Active Directory Certificate Services with default options.
    • Select the Certificate Web Service component and proceed with the installation.
  2. Create Certificate Templates:

    • Create certificate templates for servers, for Operating System Deployment (OSD), and for clients.
    • Ensure private key export is not allowed for security.
    • Set the subject name and permissions for each template.
  3. Issue Certificate Templates:

    • Right-click on Certificate Templates and choose to issue the templates created earlier.
    • Select all three certificate templates for deployment.
  4. Configure Client Communication:

    • Enable HTTPS for SCCM clients by configuring auto-enrollment in Active Directory.
    • Set the policy to renew expired certificates and update templates.
  5. Bind Certificates to Site Systems:

    • Bind the certificates to site systems like distribution points, management points, and software update points.
    • Export and import the distribution point certificate for client authentication during imaging.
  6. Verify SSL Configuration:

    • Check and verify the SSL configuration on management points, distribution points, and software update points.
    • Ensure that the client certificates are correctly enrolled and used for communication.
  7. Restart Services and Clients:

    • Restart services on site systems like management points and distribution points for the new SSL configurations to take effect.
    • Restart client machines to ensure they communicate securely using the new certificates.
  8. Monitor Client Communication:

    • Monitor client communication through log files to ensure successful HTTPS communication.
    • Check client certificates and verify that clients are using PKI certificates for secure communication.
  9. Final Checks and Future Considerations:

    • Verify that clients are successfully communicating over HTTPS.
    • Consider future enhancements like Internet-based client management and Cloud Management Gateway for additional security and management features.
  10. Feedback and Further Assistance:

    • Leave comments or questions in the blog post or YouTube comment section for additional assistance or clarifications.
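
To support the verification in steps 6 and 8, the following PowerShell script is an added example, not part of the original tutorial. It audits the local computer certificate store on a client or site system for certificates with the Client Authentication or Server Authentication purpose and reports expiry, private key and chain problems. The helper name `Test-PkiCertificate` and the 30-day warning window are assumptions.

```powershell
# Added example: audit LocalMachine\My for certificates usable for SCCM HTTPS.
# Run in an elevated PowerShell session on a client or site system.
$EkuNames = @{
    '1.3.6.1.5.5.7.3.1' = 'ServerAuth'   # site systems (IIS)
    '1.3.6.1.5.5.7.3.2' = 'ClientAuth'   # clients and the OSD certificate
}

function Test-PkiCertificate {           # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 30              # assumed renewal warning window
    )
    process {
        # Read the EKU OIDs straight from the certificate extension.
        $ekuExt = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        if (-not $ekuExt) { return }     # no EKU extension: skip this certificate
        $purposes = @($ekuExt.EnhancedKeyUsages |
            ForEach-Object { $EkuNames[$_.Value] } | Where-Object { $_ })
        if (-not $purposes) { return }   # neither client nor server authentication

        $daysLeft = [int]($Certificate.NotAfter - (Get-Date)).TotalDays
        # Build() validates the chain to a trusted root, including revocation.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($Certificate)

        $issues = @()
        if (-not $Certificate.HasPrivateKey) { $issues += 'no private key' }
        if ($daysLeft -lt 0)                 { $issues += 'expired' }
        elseif ($daysLeft -lt $WarnDays)     { $issues += "expires in $daysLeft days" }
        if (-not $chainOk) { $issues += ($chain.ChainStatus | ForEach-Object { $_.Status }) }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            Purpose    = $purposes -join ','
            NotAfter   = $Certificate.NotAfter
            Issues     = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

Get-ChildItem Cert:\LocalMachine\My | Test-PkiCertificate | Format-Table -AutoSize
```

On a client, look for a ClientAuth row with no issues; on a management point, distribution point or software update point, look for a ServerAuth row.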

By following these steps, you can successfully configure PKI for Microsoft SCCM to use HTTPS/SSL for secure client and server communications.