@Lean
Thank you for posting in Microsoft Q&A forum.
The certificate is not required. If you don't want to create a BitLocker management encryption certificate, opt-in to plain-text storage of the recovery data. When you create a BitLocker management policy, enable the option to Allow recovery information to be stored in plain text.
Configuration Manager stores the recovery information in the site database. Without a BitLocker management encryption certificate, Configuration Manager stores the key recovery information in plain text.
The BitLocker recovery service requires HTTPS to encrypt the recovery keys across the network from the Configuration Manager client to the management point. There are two options:
- HTTPS-enable the IIS website on the management point that hosts the recovery service. This option only applies to Configuration Manager version 2002.
- Configure the management point for HTTPS. This option applies to Configuration Manager versions 1910 or 2002.
If we don't have a management point with an HTTPS-enabled website, don't configure the setting "Configure BitLocker Management Services" when you create a BitLocker policy.