Hi, I have a question related to this. I am due to be doing a CMG implementation in next few weeks for a client.
I understand for CMG that it requires a certificate-based HTTPS web service to secure network communication with clients.
I assume the MECM environment need to be configured to use HTTPS before I implement CMG? I know HTTPS isn’t configured in MECM but root certificates using their internal W2K16 CA server are deploy to clients and servers. I am guessing that isn’t enough. The articles explained here, will they assist me in moving MECM from HTTP to HTTPS and is there an impact when making this change during production hours?
So am I right in thinking as long as EHTTP is setup on both site server and clients I can proceed with a CMG setup without getting too concerned about certificates as that part is dealt with through EHTTP?
Answers ( 8 )
Hi, I have a question related to this. I am due to be doing a CMG implementation in next few weeks for a client.
I understand for CMG that it requires a certificate-based HTTPS web service to secure network communication with clients.
I assume the MECM environment need to be configured to use HTTPS before I implement CMG? I know HTTPS isn’t configured in MECM but root certificates using their internal W2K16 CA server are deploy to clients and servers. I am guessing that isn’t enough. The articles explained here, will they assist me in moving MECM from HTTP to HTTPS and is there an impact when making this change during production hours?
Thanks
Well for CMG you don’t actually need HTTPS… you can enable enhanced HTTP to avoid some certificate requirements.
More details are available in the following post from Vimal…
https://www.anoopcnair.com/new-sccm-cmg-setup-guide-ehttp/
Hi Anoop
So I reviewed the article you recommended to ready by Vimal and also this recent one you posted.
https://www.anoopcnair.com/enable-configmgr-enhanced-http-configuration/
So am I right in thinking as long as EHTTP is setup on both site server and clients I can proceed with a CMG setup without getting too concerned about certificates as that part is dealt with through EHTTP?
Thank you
Thanks Anoop.i will review that article.
I am planning to implement using my internal CA server cerrificate
There is a lot of documentation about this.
Are you sure you are looking to implement PKI infrastructure to get HTTPS implementation for SCCM?
Or do you already have PKI certs in place? More clarification is appreciated.
I am planning to implement using my internal CA server cerrificate
Please pass the following details to the Internal PKI team to check SCCM CB HTTS implementation requirements
HTTPS -> https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/pki-certificate-requirements