Certificates Management

Duchemin, Dominique 2,006 Reputation points
2021-02-25T00:48:53.013+00:00

Hello,

For the multiple certificates needed by Configuration Manager when using HTTPS, I would like to know how you manage your certificates:

  • expiration date?
  • old certificate deletion?
  • others

Certificates:

  • Client Authentication on all clients
  • Web Server
  • Distribution Point
  • SCUP Signing
  • etc...

Thanks,
Dom

Microsoft Configuration Manager

1 answer

  1. Fiona Yan-MSFT 2,311 Reputation points
    2021-02-25T08:02:18.457+00:00

    @Duchemin, Dominique

    Thank you for posting in Microsoft Q&A forum.

    1. Different environments will use different certificates, so could we know what environment we currently use? Is it a cloud environment with CMG or a normal CM environment?
    2. You don't need to delete these old certificates; SCCM will use the newly created certificates to communicate with each other.
    3. Normally, there are four core certificates that we need in our environment: a Web server certificate, a Client certificate for Windows computers, a Client certificate for distribution points, and a CA root certificate.

    Based on my understanding, if we use the HTTPS environment, the server must have a valid PKI web server certificate. Our DP has two certificates. When communicating with the client to be deployed, this client will obtain the certificate from our DP. Another certificate is used for the site server and MP.
    For more details, please refer to this excellent blog:
    https://www.prajwaldesai.com/pki-certificate-requirements-for-sccm-2012-r2/
    Note: this is a non-official Microsoft article, just for your reference.

    The detailed Microsoft article may also be for your reference:
    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/network/pki-certificate-requirements#BKMK_PKIcertificates_for_servers

    Have a good day!


    If the response is helpful, please click "Accept Answer" and up vote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
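
As an added example (not part of the answer above and not Microsoft's tooling), here is a PowerShell report for the expiration and old-certificate questions raised in this thread, to be run on a site system or client. It assumes the certificates live in the computer's Personal store (`Cert:\LocalMachine\My`); the function name, the 60-day warning window and the purpose labels are illustrative.

```powershell
# Added example: lifecycle report for PKI certificates, grouped by purpose.
# The EKU OIDs are the standard ones; labels and the warning window are assumptions.
$Purposes = @{
    '1.3.6.1.5.5.7.3.1' = 'Web server (Server Authentication)'
    '1.3.6.1.5.5.7.3.2' = 'Client / DP (Client Authentication)'
    '1.3.6.1.5.5.7.3.3' = 'Code signing (e.g. SCUP signing)'
}

function Get-CertLifecycleReport {
    param(
        [Parameter(ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Certificate,
        [int]$WarnDays = 60   # assumed renewal lead time
    )
    begin   { $all = @(); $now = Get-Date }
    process { $all += $Certificate }
    end {
        $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        $rows = foreach ($cert in $all) {
            # Read the Enhanced Key Usage extension to decide what the certificate is for.
            $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
            foreach ($oid in $ekuExt.EnhancedKeyUsages) {
                if ($Purposes.ContainsKey($oid.Value)) {
                    [pscustomobject]@{
                        Purpose    = $Purposes[$oid.Value]
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                        DaysLeft   = [math]::Floor(($cert.NotAfter - $now).TotalDays)
                    }
                }
            }
        }
        # Within one purpose and subject, the certificate with the latest NotAfter is
        # treated as current; older ones are only reported, never removed.
        $rows | Group-Object Purpose, Subject | ForEach-Object {
            $newest = $_.Group | Sort-Object NotAfter -Descending | Select-Object -First 1
            foreach ($r in $_.Group) {
                $status = if ($r.NotAfter -lt $now) { 'Expired' }
                          elseif ($r.Thumbprint -ne $newest.Thumbprint) { 'Superseded' }
                          elseif ($r.DaysLeft -le $WarnDays) { 'ExpiringSoon' }
                          else { 'OK' }
                $r | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
            }
        }
    }
}

Get-ChildItem Cert:\LocalMachine\My | Get-CertLifecycleReport |
    Sort-Object NotAfter | Format-Table Purpose, Subject, NotAfter, DaysLeft, Status -AutoSize
```

Rows marked `ExpiringSoon` are the ones to renew before the HTTPS roles lose a valid certificate; `Superseded` and `Expired` rows show which older certificates remain in the store.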