you just need 1 cert and can be used for 3 virtual directories. you can follow this guide https://msendpointmgr.com/2020/04/02/goodbye-mbam-bitlocker-management-in-configuration-manager-part-1
Thanks,
Eswar
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
As per the new update in ConfigMgr 2002, we can do Bitlocker Administration with ConfigMgr Starting 1910
We have done fresh installation of ConfigMgr 2002 in the environment.
As per MS documentation ( https://learn.microsoft.com/en-us/mem/configmgr/protect/plan-design/bitlocker-management#prerequisites )we do not need to make the entire ConfigMgr environment to HTTPS.
Starting CM 2002, HTTPS-enable the IIS website on the management point that hosts the recovery service. This option only applies to Configuration Manager version 2002.
Has anyone tried this way of doing the Bitlocker Management or it is recommended to configure the management point for HTTPS ( means entire SCCM environment to work on HTTPS - Servers and Clients )
Need 2 things :
you just need 1 cert and can be used for 3 virtual directories. you can follow this guide https://msendpointmgr.com/2020/04/02/goodbye-mbam-bitlocker-management-in-configuration-manager-part-1
Thanks,
Eswar
You dont need to convert the MP to https for the bitlocker service. As the guide says, if you are running http (self-signed) infra, you can get IIS binding configured with port 443 and enable the 3 virtual directories for SSL.
It works fine and have done this many times to customers.
You can refer this guide for more information https://msendpointmgr.com/2020/04/02/goodbye-mbam-bitlocker-management-in-configuration-manager-part-1/
Regards,
Eswar
www.eskonr.com
If the response is helpful, please click "Accept Answer" and upvote it.