Deploy PKI Certificates for SCCM Step by Step Guide

ByPrajwal Desai Hours
Comments 8 Comments

Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide – This is a Step by Step Guide to Deploy PKI Certificates for SCCM.

This step-by-step example deployment uses a Windows Server 2012 R2 certification authority (CA). we will deploy public key infrastructure (PKI) certificates that Configuration Manager uses.

These procedures use an enterprise certification authority (CA) and certificate templates. The steps are appropriate for a test network only, as a proof of concept. I will be adding few more posts related to the PKI certificates as I work on it.

Part 1 : PKI requirements for SCCM 2012 R2

Part 2: Deploying Web Server Certificate for Site Systems that Run IIS

Part 3 : Deploying the Client Certificate for Windows Computers

Part 4 : Deploying the Client Certificate for Distribution Points

Part 5 : How to deploy Client Certificate for Mac Computers

Part 6 : How to install SCCM client agent on Mac Computers

Download All PKI Setup Guides – Download Link

Avatar photo

Prajwal Desai is a 8 time Microsoft MVP in Enterprise Mobility. His goal is to write in-depth posts and guides on Configuration Manager (SCCM), Microsoft Intune, Azure, Windows Server, Windows 11, and other topics, with the goal of providing people with useful information.

Leave a Reply

Your email address will not be published. Required fields are marked *

8 Comments

  1. Hi Prajwal, great tutorial! thank you.
    So for workgroup client deployment I changed install parameter of sccm client because it couldn’t connect to MP on SSL port.
    In LocationServices log I found following row:
    Skipping DNS record of port 443 as it is not compatible with Client
    The magic parameter is CCMHTTPSSTATE=31 (I don’t know what this parameter exactly is …)
    Final string for client installation:
    ccmsetup.exe /source:”C:\Temp\Client” SMSSITECODE= SMSMP= DNSSUFFIX= CCMHTTPSSTATE=31

    Reply
  2. Avatar photo Fahad Ahmed says:

    after attempting all these recommended steps, clients are not communicating and PKI certificate is not showing in control panel conf manager client

    Reply

  3. Thank you for your awsome guide! You saved me!

    Reply

  4. Do we have technical document to refer if we change Enterprise PKI (MECM)

    Reply
  5. Avatar photo Felipe Alves says:

    And secondary sites? I need a CA too and configuring the same think?

    Reply

  6. All MPs have Internal server error 500

    Reply

  7. PDF are not getting downloaded.

    Reply

    1. Downloads are working fine. If you have adblocker installed in browser, disable it and then try.

      Reply