CMG Server Certificate

Ranjithkumar Duraisamy 226 Reputation points
2022-09-22T19:33:03.177+00:00

Hi Team,

I'm going to create a CMG and thought of getting this clarified before that. For the CMG Server Certificate which will be importing during the CMG Creation wizard, Do we need to issue a whole new CERT from new web server cert template or IIS Certificate which we're using for MP can be used here?

Note: ConfigMgr is already working in HTTPS only using Internal PKI.

Microsoft Configuration Manager
0 comments No comments
{count} votes

7 answers

Sort by: Most helpful
  1. Jason Sandys 31,176 Reputation points Microsoft Employee
    2022-09-22T19:46:58.16+00:00

    Yes, you need a new cert and should not in any way reuse a cert used for other purposes -- it won't even have the same subject name as any of your MPs so that's not even technically possible to reuse. Also, I strongly suggest purchasing a cert from a public CA for this purpose as it will prevent issues when provisioning clients off-prem or that are not domain joined.

    1 person found this answer helpful.
    0 comments No comments

  2. Jason Sandys 31,176 Reputation points Microsoft Employee
    2022-09-22T22:13:56.493+00:00

    Yep, for a POC, test environment, or the like, you can definitely use a cert generated using the standard web server cert template (or any that are equivalent) in ADCS and use that.

    1 person found this answer helpful.
    0 comments No comments

  3. Ranjithkumar Duraisamy 226 Reputation points
    2022-09-26T09:40:21.157+00:00

    Hi @Simon Ren-MSFT , Managed to get this resolved by tweaking in keyvault part of this device over Azure.

    1 person found this answer helpful.
    0 comments No comments

  4. Ranjithkumar Duraisamy 226 Reputation points
    2022-09-22T21:18:48.307+00:00

    Hi @Jason Sandys , Thank you for the response. I'll consider purchasing Public CA for the PROD. but for the POC, Just to be clear, we can use any web server cert template from CA to generate new certificate and use the same during CMG Creation wizard right?

    Sorry, If I'm wrong. But please help me to understand clearly.

    0 comments No comments

  5. Ranjithkumar Duraisamy 226 Reputation points
    2022-09-23T11:36:50.57+00:00

    Thank you for your advice. Managed to create CMG and seems provision done. But when I try to run the connection analyzer, it was showing "Bad Gateway 502".

    1. I tried stopping service and tried running connection analyzer again but it stops like this now.
    2. Tried accessing the CMG through browser but got this error.

    244238-image.png
    244220-image.png

    0 comments No comments