Hi, @Chong
Thank you for posting in Microsoft Q&A forum.
To enable SSL between SCCM and upstream server, you need to install a server authentication certificate generated from the internal certificate authority.
To enable SSL between client and SCCM server, you need to install another server authentication certificate generated from the internal certificate authority.
For more reference:
- Configure SSL on WSUS
- Plan for software updates in Configuration Manager
- Configure client computers to establish SSL connections with the WSUS server
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".