How to Deploy SCCM Self-Signed Certificate to the trusted root certification authorities store in All Devices

Rodolfo Pena Cedeno 26 Reputation points
2023-01-30T13:04:54.0133333+00:00

Dear Brothers and Sisters,

I trust this message finds you very well.

I am contacting you again because:

- I have activated Enhanced HTTP in SCCM/MECM.

- I installed the certificate (SMS Issuing) on the server because the certificate was not trusted. I was getting the following message: "This CA Root Certificate is not Trusted. To Enable trust, Install this certificate in the Trusted Root Certification Authorities Store." Therefore, I installed the certificate on the SCCM site server and all is good now.

- Nevertheless, I am getting the same error message on the clients. The certificates are located in SMS/Certificates; nevertheless, I need to install the certificates in the Trusted Root Certification Authorities store of each device.

Could you please help me understand how to:

1. Export the certificate (I want to make sure that I am doing it in the right way).

2. Deploy it to all clients/devices (2000).

3. The certificates will be automatically renewed in SMS/Certificates; however, does that mean that I will have to redeploy them every time?

Thank you very much for your help and support, dear brothers and sisters, have an amazing and wonderful day.

Sincerely,

Peace.

 

 


2 answers

  1. Rahul Jindal [MVP] 10,681 Reputation points MVP
    2023-01-30T14:00:31.8266667+00:00

    I think you are going about this all wrong. EHTTP doesn't work the way you are trying to implement it. I would suggest reading the official document to understand everything that is required.

    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/enhanced-http


  2. TrudaZeng-MSFT 771 Reputation points
    2023-01-31T10:01:19.7366667+00:00

    Hi,

    In my experience, after we activate Enhanced HTTP, we need to make sure that the generated certificate is in the Trusted Root Certification Authorities. For more details: https://www.prajwaldesai.com/enable-sccm-enhanced-http-configuration/#:~:text=To%20eliminate%20that%20error%2C%20click%20Install%20Certificate%20and%20ensure%20you%20place%20the%20SMS%20Issuing%20certificate%20in%20trusted%20root%20certification%20authorities%20store.

    For client-side SCCM eHTTP certificates, follow this link: https://www.anoopcnair.com/enable-configmgr-enhanced-http-configuration/

    A reference question link: https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html

    If your steps to activate EHTTP are any different from those provided above, please share them with us.

