We need proper certificates to authenticate and encrypt the data flow between ConfigMgr clients and the Management Point (even in mixed mode). Sometimes we need to work with these certificates to resolve client authentication and registration issues. The following steps are useful for resolving those kinds of issues.
Check and Verify ConfigMgr SCCM Mixed Mode Certificate Details
The following topics are covered in this post.
- SMS certificate Store Details (MMC)
- Export certificates
- Import Certificates
- Certificates stored folder location in Windows Explorer or in the file system
- Find the location and name of the private key file associated with the certificates
SMS certificate Store Details (MMC)
Launch MMC (mmc.exe) and Click on File —> Add/Remove Snap-in
Select Certificates from Available Snap-ins and click on Add button
Select “Computer Account” and Click NEXT
Select Local Computer and click on FINISH
Click OK on the “Add or Remove Snap-ins” window
Here are the TWO certificates, “SMS Signing Certificate” and “SMS Encryption Certificate”, which are used for authentication and encryption.
Export certificates
Right-click the certificate and select All Tasks –> Export…. This opens the Certificate Export Wizard.
Select “Yes, export the private key” and click “Next”
On the “Export File Format” page, select “Personal Information Exchange – PKCS #12 (.PFX)” and click NEXT (you can also select the INCLUDE and EXPORT check boxes shown in the screenshot below)
Type in the password on the Password window and click NEXT
On the “File to Export” page, enter the file name in which you wish to store the exported certificate. Do not give it an extension. Click NEXT
Click on FINISH
Import Certificates
Right-click “Certificates (Local Computer)” –> “SMS” –> “Certificates” –> All Tasks –> Import
On the “Welcome to the Certificate Import Wizard” page, click “NEXT”
Browse through and provide the path of the certificate export file you are importing and click “NEXT”
Enter the password that you used in the export process, check “Mark this key as exportable. This will allow you to back up or transport your keys at a later time”, and click “NEXT”
“Place all certificates in the following store” should already be selected and the Certificate store value should already say “SMS”. Click “NEXT”
Certificates stored folder location in Windows Explorer or in the file system
Note – Both SMS certificates are stored in the 19cf* Machine Key files.
Find the location and name of the private key file associated with the certificates
The FindPrivateKey.exe tool can be used to find those details.
Syntax and examples for FindPrivateKey.exe are in the following MSDN link.
Download FindPrivateKey.exe HERE
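As an added example (not from the original post and not part of FindPrivateKey.exe), the PowerShell below lists the certificates in the local computer's SMS store and resolves the private key file behind each one, which is the same detail FindPrivateKey.exe reports. It assumes an elevated prompt; the two key directories are the standard Windows machine-key locations, not paths given in this post, and the function name Get-KeyContainerName is hypothetical.

```powershell
# Added example: inspect the SMS certificate store and locate each private key file.
# Assumption: run elevated on the ConfigMgr client; directories below are the
# standard Windows machine-key locations (not taken from the post).
$keyDirs = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",  # CSP (CAPI) machine keys
    "$env:ProgramData\Microsoft\Crypto\Keys"              # CNG machine keys
)

# Hypothetical helper: return the unique key container name for a certificate,
# which is also the file name of its private key on disk.
function Get-KeyContainerName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return $null }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) { return $rsa.Key.UniqueName }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            return $rsa.CspKeyContainerInfo.UniqueKeyContainerName
        }
    } catch {
        # Typical causes: missing key file or no read permission on it
        Write-Warning "Cannot open private key for $($Cert.Thumbprint): $($_.Exception.Message)"
    }
    return $null
}

Get-ChildItem -Path Cert:\LocalMachine\SMS | ForEach-Object {
    $container = Get-KeyContainerName -Cert $_
    $keyFile = $null
    if ($container) {
        # Look for the container file in each known machine-key directory
        $keyFile = $keyDirs | ForEach-Object { Join-Path $_ $container } |
            Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    }
    [pscustomobject]@{
        FriendlyName  = $_.FriendlyName     # e.g. "SMS Signing Certificate"
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        Expired       = $_.NotAfter -lt (Get-Date)
        HasPrivateKey = $_.HasPrivateKey
        KeyFile       = $keyFile            # empty if the key file is missing or unreadable
    }
} | Format-List
```

A certificate that shows HasPrivateKey as True but an empty KeyFile points to a missing or inaccessible key file, which is worth checking before re-importing a PFX.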
Ref : Forum Discussion