2. Set up HTTPS Client Communication with SCCM

In this post we set up the HTTPS client-side connection to the SCCM Management Point, either directly or via the Cloud Management Gateway. CMG is a cloud proxy running Windows Server 2012 R2. HTTPS connectivity is recommended when connecting to an Internet resource to validate the identity and secure (encrypt) the data.

In the image below, the connections we want to encrypt are shown in orange:

- Internet client to CMG
- Internet client to SCCM MP via CMG
- Intranet client to SCCM MP

The following will be addressed:

- Client Certificate
- Root Certificate
- SCCM Web Certificate
- Configure SCCM for HTTPS

1. Client Certificate

1.1 Create Auto-Enroll Client Certificate

- On a domain controller, open Certification Authority
- Go to Certificate Template, right click, Manage
- Select Workstation Authentication, right click, Duplicate Template
- On the Compatibility tab, make sure Server 2003 is set
- On the General tab, fill in a display name for your template (e.g. SCCM Client Certificate)
- On the Security tab, give Domain Computers the Read, Enroll and Autoenroll permissions
- Click OK, then close the Certificate Templates Console
- In the Certification Authority console, right click on Certificate Template -> New -> Certificate Template to Issue
- Select the SCCM Client Certificate we created earlier, click OK
- Close Certification Authority

1.2 Create Client Enrollment Policy

- On one domain controller, open Group Policy Management
- Right click Group Policy Objects -> New
- Enter a name for the new policy: Client Certification auto-enroll ,...
