This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 36%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Hi all, We initially setup our SCCM environemnt using HTTP but now decided to flip to PKI to support CMG. We only have 1 MP which is on the Primary site as well. I have switched over MP, DP and SUP to use HTTPS, also binded MP 443 port to the IIS cert I have generated. I have also switched site Communication tab to use PKI. Finally, I have pushed client auth cert through GPO and can see clients are getting certs on Personal Store. I can even see the clients switching over to PKI under SCCM client General Tab. Also verified client registered using PKI in ClientIDManagerStartup.log. My problem is when I go check Devices in SCCM Console, under client certificate, they still show as self-signed rather than PKI. Thoughts please...
It seems there is no update for a couple of days. May we know the current status of the problem? If you think Jason's reply is useful, you may accept it as answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 63%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
I am having the same issue.
on client side it is showing that it is using PKI but when I go to check in sccm console it is showing as self signed.
Can anyone give me the exact cause and solution of this???
As has been called out, this is (still) a bug in ConfigMgr. If you are impacted, please use the in console feedback system to submit a frown.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 5%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Wasted most of a day trying to figure out why the console wasn't updating. So we can't trust the console client cert column or the HTTPS reports. After years you'd think this would have been addressed. I suppose now we need to use an unsecure FSP to tell us if HTTPS is working or not to make our sites more secure. :|
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 60%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENO%3C/text%3E%3C/svg%3E)
issue was resolved in version 2503. 2309 had the same problem but when upgraded to 2503 it started to show properly
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 70%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Hello Jason, I have the issue still. Do you have any idea about when it will be fixed?
This has been addressed in TP2305 and I believe should be included in 2309.
Or is there a version that I need to get to solve this issue?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 35%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
On 2309 and still experiencing "self-signed" vs "PKI" with some machines. Verified client shows "PKI". Submitted frown report a few minutes ago. So still an issue.
Are the client agents on latest version?. I work on many ConfigMgr environments, and I can confirm that the cert column reflects the correct client certificate.
Yes, the clients show the same version. 500.9122.1000 as those with PKI. If you go into the client settings it shows PKI. Config Mgr shows self-signed.
2503 finally resolved this issue. was noticed on 2309