CrisKolkman
Hello,
We have been trying to set up SCCM using HTTPS (using a public certificate) instead of HTTP and we ran into a few problems.
The version of our SCCM is 2103, running on Server 2016.
In the image below we left Use PKI client certificate... off and we turned off the option Clients check the CRL...
The communication between the clients and SCCM server seemed fine but OSD and PXE boot didn't seem to work anymore.
In mpcontrol.log we did see a lot of these errors:

Is this because we enabled HTTPS for the role Management point as well, which seems to require client certificates?
Does OS deployment have anything to do with this role at all?
We tried to ignore the client certificates in IIS, but this didn't seem to help either.
And another question: what if we do want to set up our own CA and use client certificates, how will deploying new (unknown) computers work, since they don't have a client certificate (yet)?
Because of OSD and PXE being broken when using HTTPS, I think this will become a problem again when using our own CA, or am I wrong?