spgsitsupport Posted August 24, 2015 Report post Posted August 24, 2015 Moved to PKI HTTPS based setup (from plain http) I can see that newly installed client shows: Client certificate: PKI but the actual certificates in SMS are still showing as issued by SMS (ie via certutil -viewstore SMS ) SMS Encryption certificate 1.3.6.1.4.1.311.101.2SMS Signing certificate 1.3.6.1.4.1.311.101 So what is the actual Client certificate: PKI ? Where is the info taken from that it is now PKI? I get the same result (change from self-signed to PKI if I re-register client) using SCCM Client Action Tool from http://sccmcat.codeplex.com/ as per http://www.scconfigmgr.com/2012/11/12/force-a-client-re-registration-in-configmgr-2012/ Seb Quote Share this post Link to post Share on other sites More sharing options...
spgsitsupport Posted August 25, 2015 Report post Posted August 25, 2015 The PKI bit only seems to mean that PKI certificate was used to register with SCCM site server. So normal machine certificate exists, and the 2 SMS certificates are there as well Quote Share this post Link to post Share on other sites More sharing options...
