Change Management Point Client Connection to HTTPS

  • Question

  • Hello, our property has a need to enroll Mac computers into SCCM to deploy software, but I noticed our site is not set up to allow Mac clients. The management point client connection is set to HTTP (does not support Mac computers) and I would like to change it to HTTPS.

    Will this break or cause problems for our current clients and site server if I change the setting? I just started at this property and was told that "we have all the PKI and certificates in place" but I can't tell if that is the case. 

    Monday, September 26, 2016 1:43 PM

All replies

  • It does not break anything *if* all client and server side certs are in place: https://technet.microsoft.com/en-us/library/mt613191.aspx

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, September 26, 2016 1:54 PM
  • Thank you sir! I will have to get with our security analyst to make sure we are on the same page :)
    Monday, September 26, 2016 2:44 PM
  • Hi,

    Why not set another MP as HTTPS, assign it to a boundary group, and test clients first?

    Thanks,

    Anu

    Monday, September 26, 2016 2:52 PM
  • Doing the above is generally not trivial though, particularly if you do not have an internal PKI in place already.

    Depending upon your needs, you may want to explore a better path like using Parallels Mac Management that directly integrates with ConfigMgr in a seamless manner.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Monday, September 26, 2016 3:03 PM
  • Awesome, will do, thanks for the replies, gentlemen!
    Monday, September 26, 2016 5:54 PM
  • I do see our workstations have a client auth cert issued by our CA called 'Sccm client cert'. This cert is in the folder Personal -> Certificates.

    If I have issues setting the management point to use HTTPS, can I change it back and resume using the current HTTP setting with the clients that are already installed on workstations?

    Wednesday, September 28, 2016 2:38 PM
  • Yes. Remember to add server auth certs to IIS for your client-facing site systems (those hosting MPs, DPs, or SUPs) as well as adding a client auth cert to the DP configuration.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, September 28, 2016 2:52 PM
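
    The certificate prerequisites raised in the replies above can be checked before changing the management point setting. The following read-only PowerShell script is an added example, not part of the thread or of Microsoft's documentation; the function name `Get-AuthCertReport` is hypothetical, and it assumes the certificates live in the local computer Personal store and that the WebAdministration module is available on the IIS host.

```powershell
# Added example (not from the thread). Read-only inventory of certificates in
# the local computer Personal store that carry a given Enhanced Key Usage.
# Run on a workstation (client auth) or on a site system with IIS (server auth).
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Get-AuthCertReport {          # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$EkuOid,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $now = Get-Date
    # Certificates with no EKU extension at all are skipped by this filter.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EkuOid } |
        ForEach-Object {
            [pscustomobject]@{
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                InValidity    = ($_.NotBefore -le $now -and $_.NotAfter -gt $now)
                HasPrivateKey = $_.HasPrivateKey
                # Builds the chain with the default policy; may contact the
                # CRL distribution point, so it can be slow when offline.
                ChainTrusted  = $_.Verify()
            }
        }
}

'--- Client authentication certificates ---'
Get-AuthCertReport -EkuOid $ClientAuthOid | Format-List

# On an IIS host: show each HTTPS binding and whether the bound certificate
# is a valid, trusted server authentication certificate with a private key.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $serverCerts = @(Get-AuthCertReport -EkuOid $ServerAuthOid)
    '--- IIS HTTPS bindings ---'
    Get-WebBinding -Protocol https | ForEach-Object {
        $hash  = $_.certificateHash
        $match = $serverCerts | Where-Object { $_.Thumbprint -eq $hash }
        [pscustomobject]@{
            Binding          = $_.bindingInformation
            CertificateHash  = $hash
            ServerAuthCertOk = [bool]($match | Where-Object {
                $_.InValidity -and $_.HasPrivateKey -and $_.ChainTrusted })
        }
    } | Format-Table -AutoSize
}
```

    A workstation with no row where `InValidity`, `HasPrivateKey` and `ChainTrusted` are all true has no usable client certificate in that store, and an HTTPS binding with `ServerAuthCertOk` false points at a missing, expired or untrusted server certificate.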
  • Also, in our workstation client control panel, the client certificate says PKI, connection type: intranet.

    Wednesday, September 28, 2016 2:53 PM
  • Hi Justin,

    Have you got this issue resolved now? If so, could you please share the solution with us? Thank you.

    Best regards,

    Jimmy



    Wednesday, October 12, 2016 12:39 AM