Certificates Management

Duchemin, Dominique 2,006 Reputation points


For the multiple certificates needed by Configuration Manager when using HTTPS I would like to know how do you manage your certificates:

  • expiration date?
  • old certificate deletion?
  • others


  • Client Authentication on all clients
  • Web Server
  • Distribution Point
  • SCUP Signing
  • etc...


  • List item
Microsoft Configuration Manager
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Fiona Yan-MSFT 2,311 Reputation points

    @Duchemin, Dominique

    Thank you for posting in Microsoft Q&A forum.

    1. Different environment will use different certificates, so could we know what environment that we use currently? It's a cloud environment with CMG or normal CM environment?
    2. For these old certificates you don't need to delete them, SCCM will use the newly created certificates to communicate with each other.
    3. Normally, there are four core certificates that we need in our environment:Web server certificate, Client certificate for Windows computers, Client certificate for distribution points and CA root certificate.

    Based on my understanding, If we use the https environment, the server must have a valid PKI web server certificate. Our DP has two certificates. When communicating with the client to be deployed, this client will obtain the certificate from our DP. Another certificate is used for site server and MP.
    For more details, please refer to this excellent blog:
    Note: this is non-official Microsoft article just for your reference.

    The detailed Microsoft article may also for your reference:

    Have a good day!

    If the response is helpful, please click "Accept Answer" and up vote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.