Sinimini, posted December 9, 2014

Hi, I have one SCCM server with the system roles MP and DP and I would like to change communication to HTTPS. For this I need to request certificates: one for the site system with IIS (Server Auth) and one for the site system with DP. Because it's the same name, my first attempt was to issue one certificate with Server and Client Auth and install it on my server. Now I get to the point where I have to change the DP from HTTP to HTTPS and change the self-signed certificate to a PKI certificate. I am not sure if it is still a good idea to use only one certificate. Can someone explain to me what the DP does when the certificate is imported? Is it going to be installed on clients? I've seen that the self-signed certificate is shown under Administration > Security > Certificates, but I couldn't see this certificate on a client.

Peter van der Woude, posted December 9, 2014

The name "distribution point certificate" doesn't really cover the main usage. The main usage is for clients during the PXE deployment. For more information see also: http://technet.microsoft.com/en-us/library/gg699362.aspx

Sinimini, posted December 9, 2014

So when I use a task sequence and the client doesn't have a valid certificate installed, the DP uses this certificate for the client without installing it on the client? I was already thinking about implementing a step in my OS deployment where I would have to install certificates before I join my domain, so I wouldn't have to do that.

Peter van der Woude, posted December 10, 2014

No, you don't need to implement steps in your task sequence for installing certificates. During the deployment it can use the distribution point certificate, if required.

Sinimini, posted December 17, 2014

I have changed my DP and MP to HTTPS and imported my client cert to my DP as a PFX file. My software deployment works fine, but I have some issues with my OS deployment. The Windows PE mode starts and I can install the OS. I have tested without my imported cert and I couldn't get past this point. Then I get stuck at the point where the SCCM agent is installed. I can see that the agent is installed, but not correctly. I can't see the assigned MP or which client certificate is used. So the task sequence is not continued. My understanding is that my imported cert is used for the PXE mode, then when I join the domain I get a cert from my AD and this is used for further steps.

Peter van der Woude, posted December 17, 2014

Please check the log files for more information and if needed post some pieces of the log files.