If you do a default installation of ConfigMgr 2012 the clients will communicate over HTTP with the Management Point. Also all traffic from the Distribution Point will be over HTTP. And if you use the Application Catalog, well that’s HTTP also.
In this 3 post series I will explain the steps to go from HTTP to HTTPS communication.
The first post (HERE) I explained the Certificates needed, the second (this one) and third one (HERE) will do the actual work of transforming ConfigMgr from HTTP to HTTPS.
What is going to happen in this post:
- Have the Clients talk over HTTPS to the site server (Management Point)
With all the certificates in place let’s see if I can change the Client to communicate over PKI and HTTPS instead of HTTP and a self-signed certificate.
Site Server Communication
Export the Root CA Certificate as a DER encoded binairy X.509 (.CER) Certificate.
In the ConfigMgr console go to Administration – Overview – Site Configuration – Sites and select your Site.
Right-click and select Properties.
Go to the tab Client Computer Communication and change the setting to HTTPS Only. If you still have clients with HTTP then you can select HTTP or HTTPS.
Under Trusted Root Certification Authorities select your Root CA Certificate.
For a client that has already been deployed just wait and the Client Certificate will change to PKI.
And I am communicating over HTTPS with my PKI:
As I can also see in my ClientLocation.log
From the ccmsetup.log is visible that all communication is secure.
Part 1 Here.
Part 3 Here.