Hi,
Thanks for your detaied information.
Based on my understanding, the SCCM environment is in HTTPS only, and the situation we face are as below:
- Everything works well including PXE boot, when you unblock the two certificates with start date as a 11/09/2020.
- When you block the two certificates, only PXE boot fails, other functions are working fine.
If I don't misunderstand, the two certificates with start date as a 11/09/2020 are used not only for site systems that have a distribution point installed but also for Boot images for deploying operating systems. The situation is as expected, we should not block these two certificates. When we have an environment with HTTPS only, the client must have a valid Boot images for deploying operating systems certificate for the client to communicate with the site and for the PXE OSD deployment to continue.
And the PXE-enabled DP also need a certificate for Site systems that have a distribution point installed to communicate with HTTPS-enabled management point. The requirements for this Boot images for deploying operating systems certificate are the same as the server certificate for site systems that have a distribution point installed. Because the requirements are the same, so we can use the same certificate file.
If I have misunderstood anything, please don't hesitate to let me know.
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.