Hi @Danny Banda ,
Thanks for posting in Microsoft Q&A forum.
client certification option doesn't change from self-signed to PKI
The client certificate will not change until the client registration is completed.
The error mentioned that the certificated is not trusted by the CMG service, this might be caused by using the incorrect client trusted root certificate that is uploaded to the CMG service.
It is recommended to check the certificate that we uploaded to the CMG.
For more detail, please refer to this link:
https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/server-auth-cert#choose-the-certificate-type
Hope the above information can help you.
If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.