I was wondering if someone can point out some tips on what to look for. I set up a lab to play around with SCCM and I was having success pushing out clients to test machines as well as deploying patches. I decided to play around with enabling PKI on the clients. Here is an overview of the steps I performed:
I created an SCCM DP certificate (for the distribution point to enable the certificate in the component settings). I published it and imported it.
I created an SCCM Web server Certificate (for IIS). Bound 443 and can get to http://localhost:80 and https://localhost:443 from the server.
I created an SCCM Client certificate (this is for the end points and created a GPO and pushed it out). I checked the personal store of a couple of machines and they have the certificate enrolled from the SCCM server. I got that working.
Once I enabled the DP to SSL, I lost all my connections (green checks) with the clients. I figured it will take some time for all the clients to update but I have been waiting for a couple of hours and the clients list as self-signed instead of PKI.
I tested from the client to see if I could navigate to the 80 and 443 pages of the SCCM server and I receive the IIS welcome page on port 80 but for 443 I receive an ERR_CONNECTION_TIMED_OUT.
I am a little stuck on what to try. I looked at the SCCM video you guys posted but it really didn't talk about SSL at all. Is there something I am missing or something I should look at to decipher why the clients are stuck?
Thanks in advance for any assistance.
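
The two client-side observations in the post above (port 80 answers while 443 times out, and a client certificate sits in the personal store) can be checked from a test client with the following added example, which is not part of the original post. The server name `sccm01.lab.example` is a placeholder assumption, and the script only reads state.

```powershell
# Added troubleshooting sketch; run in an elevated PowerShell session on a test client.
# $SiteServer is a placeholder (assumption): replace it with your SCCM server's FQDN.
$SiteServer    = 'sccm01.lab.example'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of the Client Authentication EKU

# 1. Compare raw TCP reachability on both ports. A TCP timeout happens before
#    any TLS handshake starts, so it is not a certificate validation failure.
foreach ($port in 80, 443) {
    $r = Test-NetConnection -ComputerName $SiteServer -Port $port `
            -WarningAction SilentlyContinue
    '{0}:{1} TCP reachable = {2}' -f $SiteServer, $port, $r.TcpTestSucceeded
}

# 2. Inspect every certificate in the computer's Personal store: validity
#    window, presence of a private key, and the Client Authentication EKU.
$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My
$certs | ForEach-Object {
    [pscustomobject]@{
        Thumbprint    = $_.Thumbprint
        Issuer        = $_.Issuer
        NotAfter      = $_.NotAfter
        InValidity    = ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now)
        HasPrivateKey = $_.HasPrivateKey
        ClientAuthEku = $_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid
    }
} | Format-Table -AutoSize

# 3. For the client-authentication certificates, check that the chain builds
#    to a root this machine trusts (X509Certificate2.Verify uses basic policy).
$certs |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid } |
    ForEach-Object { '{0} chain verifies = {1}' -f $_.Thumbprint, $_.Verify() }
```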