Microsoft Configuration Manager
An integrated solution for for managing large groups of personal computers and servers.
4,086 questions
Or is there a version that I need to get to solve this issue?
Devices in SCCM Console staying self-signed while its showing PKI on the client side
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 36%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Patrick Baldonado
6
Reputation points
Hi all, We initially setup our SCCM environemnt using HTTP but now decided to flip to PKI to support CMG. We only have 1 MP which is on the Primary site as well. I have switched over MP, DP and SUP to use HTTPS, also binded MP 443 port to the IIS cert I have generated. I have also switched site Communication tab to use PKI. Finally, I have pushed client auth cert through GPO and can see clients are getting certs on Personal Store. I can even see the clients switching over to PKI under SCCM client General Tab. Also verified client registered using PKI in ClientIDManagerStartup.log. My problem is when I go check Devices in SCCM Console, under client certificate, they still show as self-signed rather than PKI. Thoughts please...
{count} vote
-
AllenLiu-MSFT 40,551 Reputation points Microsoft Vendor2021-10-06T07:40:42.79+00:00 It seems there is no update for a couple of days. May we know the current status of the problem? If you think Jason's reply is useful, you may accept it as answer.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 63%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Pushpraj 0 Reputation points2023-04-01T17:37:28.63+00:00 I am having the same issue.
on client side it is showing that it is using PKI but when I go to check in sccm console it is showing as self signed.
Can anyone give me the exact cause and solution of this??? -
Jason Sandys 31,161 Reputation points Microsoft Employee2023-04-03T13:52:18.3766667+00:00 As has been called out, this is (still) a bug in ConfigMgr. If you are impacted, please use the in console feedback system to submit a frown.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 5%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Jeff Gilbert 5 Reputation points2023-06-03T18:13:04.52+00:00 Wasted most of a day trying to figure out why the console wasn't updating. So we can't trust the console client cert column or the HTTPS reports. After years you'd think this would have been addressed. I suppose now we need to use an unsecure FSP to tell us if HTTPS is working or not to make our sites more secure. :|
Sign in to comment
12 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 70%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Mes Ka 0 Reputation points2023-06-05T18:12:53.1566667+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 35%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
C Filip 6 Reputation points2023-06-06T07:37:50.9+00:00
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 35%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
sfjmercado 0 Reputation points2024-01-29T18:14:25.1066667+00:00 On 2309 and still experiencing "self-signed" vs "PKI" with some machines. Verified client shows "PKI". Submitted frown report a few minutes ago. So still an issue.
-
Prajwal Desai [MVP] 16 Reputation points2024-01-30T17:09:24.3733333+00:00 Are the client agents on latest version?. I work on many ConfigMgr environments, and I can confirm that the cert column reflects the correct client certificate.
-
sfjmercado 0 Reputation points
2024-01-30T17:48:14.91+00:00 Yes, the clients show the same version. 500.9122.1000 as those with PKI. If you go into the client settings it shows PKI. Config Mgr shows self-signed.
Sign in to comment -