Cloud Management Gateway Certificates

Introduction

The certificate requirements when setting up a CMG can be a little confusing at times, and the aim of this post is to shed some light on them. Below you can see the different kinds of certificates at play, including their source and intended destination.

CMG Certificate Setup

[Figure: CMG Certificate Setup]

Certificate Compatibility Matrix

[Figure: CertsRequiredCMG3Steps]
Three certificate scenarios need to hold true. Check the matrix below for more details.
| Scenario | AAD Cert | PKI (Client Auth) | CMG Cert (EHTTP) | PKI (Server Auth) | Public Cert | Token Based (2002+) |
|---|---|---|---|---|---|---|
| 1. Client Cert to auth to CMG | Yes | Yes | No | No | No | Yes |
| 2. Web Cert for CMG | No | No | No | Yes | Yes | No |
| 3.1 Client Cert to auth to CCP. MP in http | No | No | Yes | No | No | No |
| 3.2 Client Cert to auth to CCP. MP in https | Yes | Yes | No | No | No | Yes |

Notes

CCP is the cloud connection point role in SCCM.

When using PKI certificates, the client auth certificate and the web certificate are two different certs.

EHTTP certificates require version 1810 or above.

Token-based authentication requires version 2002 or above.
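
The matrix and the version notes above can be turned into a pre-deployment check. The following is an added example, not part of the original post or of any Microsoft tooling: it takes the certificate/auth types a planned site has available, the management point mode and the site version, and reports which of the three scenarios would be left without a valid option. The names MATRIX, MIN_VERSION, usable and unmet_scenarios are made up for this sketch, and the sample plans are constructed.

```python
# Added example: the matrix and notes from this page, encoded as data.
# All names here are hypothetical; nothing below is a ConfigMgr API.

# Scenario -> certificate/auth types the matrix marks as accepted.
MATRIX = {
    "1. Client cert to auth to CMG": {"AAD Cert", "PKI (Client Auth)", "Token Based"},
    "2. Web cert for CMG": {"PKI (Server Auth)", "Public Cert"},
    "3.1 Client cert to auth to CCP, MP in http": {"CMG Cert (EHTTP)"},
    "3.2 Client cert to auth to CCP, MP in https": {"AAD Cert", "PKI (Client Auth)", "Token Based"},
}

# Minimum site version per the Notes section (ConfigMgr versions are YYMM).
MIN_VERSION = {"CMG Cert (EHTTP)": 1810, "Token Based": 2002}


def usable(available, site_version):
    """Drop the types that the site version is too old to support."""
    return {c for c in available if site_version >= MIN_VERSION.get(c, 0)}


def unmet_scenarios(available, mp_mode, site_version):
    """Return the scenarios that no usable certificate type satisfies."""
    if mp_mode not in ("http", "https"):
        raise ValueError("mp_mode must be 'http' or 'https'")
    unknown = set(available) - set().union(*MATRIX.values())
    if unknown:
        raise ValueError(f"not a column of the matrix: {sorted(unknown)}")
    certs = usable(set(available), site_version)
    # Only one of 3.1 / 3.2 applies, depending on the management point mode.
    skip = "3.2" if mp_mode == "http" else "3.1"
    return [s for s, accepted in MATRIX.items()
            if not s.startswith(skip) and not (accepted & certs)]


if __name__ == "__main__":
    # Constructed sample plans, not taken from a real site.
    plans = [
        ({"Token Based", "Public Cert", "CMG Cert (EHTTP)"}, "http", 2002),
        ({"Token Based", "Public Cert", "CMG Cert (EHTTP)"}, "http", 1910),
        ({"PKI (Client Auth)", "PKI (Server Auth)"}, "http", 2002),
    ]
    for available, mode, version in plans:
        print(version, mode, sorted(available), "->",
              unmet_scenarios(available, mode, version) or "all scenarios met")
```

The second plan fails scenario 1 because token-based authentication is filtered out below version 2002, and the third fails scenario 3.1 because a PKI client certificate is not accepted when the MP runs in http.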
