ETx13

Configuring SCCM to use HTTPs - Certificate Issue

I've been following this guide to a tee: How can I configure System Center Configuration Manager in HTTPS mode (PKI) but I've run into a snag. After switching the MP to use HTTPs, I looked into the logs to make sure it switched over properly but I've been getting this error:

image.thumb.png.d7d6f8ff96470d92b73d32f658ca3834.png

Couple notes:
1. I was getting a "Certificate doesn't have SAN2 extension" error so I found out that I had to add the "Client Authentication" extension to the SCCM IIS Certificate which got rid of that error.

2. Looking at the MPSetup log, I noticed that the install went through but required a restart for some reason. Even after a restart, that log didn't change.

3. I haven't found any notes about this but our CA is still using SHA-1 (I just found this out and have started the talks to switch to SHA-2) so I'm wondering if perhaps that's the reason it's failing to bind.

4. The certificate date is valid:

image.png.34d8c7b46ce750e40478bb9eaca435ed.png

 

Any help with this is greatly appreciated!

 

 


Did you follow the guide exactly? Did you verify IIS was working as per my guide before switching?

Did you also add your root CA as per step 5 here?

 


Yes I have. IIS is working except it says it's not secured because the certificate is using SHA-1 (this is expected behaviour from browsers).

I did add my root cert as mentioned in the guide.

Interestingly enough I decided to try again and now I only get this error:

Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden    SMS_MP_CONTROL_MANAGER    3/4/2024 10:17:40 AM    3460 (0x0D84)

Which I guess is progress but I'm thinking it's still because we use SHA-1 certs instead of SHA-2... I could be wrong though.

 

 


Can you show me a snippet of the new errors seen?

Looking back at the original error, it's complaining about 'invalid date'. Did you see that?
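
The certificate properties raised in this thread (SHA-1 signature, validity dates, the Client Authentication extension, trust in the root CA) can be listed side by side for every certificate in the server's Personal store. This PowerShell check is an added example, not part of the original posts or the linked guide; it assumes the SCCM IIS certificate is in `Cert:\LocalMachine\My`, and it only reports values without deciding which of them is behind the 403.

```powershell
# Added example (not from the thread): report, per certificate in the
# computer's Personal store, the properties discussed in the posts above.
# Assumption: the SCCM IIS certificate lives in Cert:\LocalMachine\My.

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # EKU OIDs are compared instead of friendly names, which are localized.
    $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

    # Friendly name of the signature algorithm, e.g. sha1RSA or sha256RSA.
    $sigAlg = $cert.SignatureAlgorithm.FriendlyName

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        SignatureAlg  = $sigAlg
        Sha1Signed    = $sigAlg -like 'sha1*'
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        # True only when the current time is inside the validity window.
        DateValid     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ServerAuthEku = $ekuOids -contains $serverAuthOid
        ClientAuthEku = $ekuOids -contains $clientAuthOid
        # DNS names from the subject and the Subject Alternative Name extension.
        DnsNames      = ($cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ', '
        HasPrivateKey = $cert.HasPrivateKey
        # Builds the chain with the default policy; False when the chain does
        # not end in a trusted root or another basic validation step fails.
        ChainVerifies = $cert.Verify()
    }
} | Format-List
```

Run it in an elevated PowerShell session on the server that hosts the management point and compare the row whose thumbprint matches the certificate bound to port 443 in IIS.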
