PKI Certificates for Configuration Manager 2012 R2 – Part 4/4 (Converting Roles)
Welcome to part 4 of 4 in PKI Certificates for ConfigMgr 2012 and converting the environment from http to https. In this Post I will continue to show the Step-by-Step process (found here) for configuring and requesting the certificates that will be used with the Configuration Manager 2012 R2 environment and the clients.
For the links to all the parts of this series see below
Part 1 – Web Server Certificate
Part 2 – Client Certificate for Windows Computers
Part 3 – Distribution Points
Part 4 – Converting Roles (You are here)
Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority
Now that we have the certificates in place, we can convert the roles from HTTP to HTTPS for that added layer of security. From the administration pane browse to Site Configuration. Under Site Configuration, select Servers and Site System Roles.
Click the server(s) that have roles that will need to be converted. In this example I have only one server.
The roles that I will be converting are:
Application Catalog Web Service Point
Application Catalog Website Point
Software Update Point
Application Catalog web service point
The option to change this from HTTP to HTTPS is grayed out. Uninstall and reinstall the role selecting HTTPS. Doing so will not convert the Application Catalog Website Point role. You will need to repeat this procedure for that role as well.
Application Catalog website Point
The option to change this from HTTP to HTTPS is grayed out. Uninstall and reinstall the role selecting HTTPS.
Open the General tab of the Distribution Point Properties.
Click Import Certificate. Specify the certificate for the distribution point and its password. Click Ok.
The Option to change from HTTP to HTTPS is grayed out. I had to uninstall and reinstall the role.
Software Update Point
Open the Software update point properties. The ports should already be listed. Click Require SSL communication to the WSUS server. Choose the Client Connection Type that best fits your organization.
Converting the Site to HTTPS
Click on Site Configuration then Sites. Click on your server and choose properties. Click on the Client Computer Communication tab. Select HTTPS only.
Your environment should now be configured to use HTTPS.