Now that we have completed all our certificate prerequisites, we are ready to configure the ConfigMgr components to use SSL.
Go to the Management Point properties (open the ConfigMgr console > Administration workspace > Site Configuration > Servers and Site System Roles > select your server, right-click the Management Point role and click Properties).
Select HTTPS from the Client Connections options. This kicks off a reinstallation of the Management Point and reconfigures its virtual directories to use HTTPS communication only.
You can see the MP reinstallation happening in MPSetup.log.
Go to the Distribution Point properties (open the ConfigMgr console > Administration workspace > Site Configuration > Servers and Site System Roles > select your server, right-click the Distribution Point role and click Properties).
Select HTTPS under “Specify how client computers communicate with this distribution point”.
If you would like clients to communicate back to the DP over HTTPS even during a task sequence, then you need to select Import Certificate under “Create a self-signed certificate or import a PKI client certificate”.
Click Apply. This reconfigures the Distribution Point virtual directory to use only HTTPS communication.
Open a command prompt in admin context on the WSUS server, change the working directory to the Tools directory under the WSUS installation path, and run the following command:
WSUSUtil.exe ConfigureSSL <Intranet FQDN of WSUS Server>
Go to the Software Update Point properties (open the ConfigMgr console > Administration workspace > Site Configuration > Servers and Site System Roles > select your server, right-click the Software Update Point role and click Properties).
Check the box “Require SSL communication to the WSUS Server” and click Apply.
This will also reinstall the Software Update Point role with the new settings.
Change your ConfigMgr site setting so that a client communicates with an HTTPS-enabled MP when a client authentication certificate is present. Launch the ConfigMgr console > Administration workspace > Site Configuration > Sites > right-click your primary site > Properties and go to the Client Computer Communication tab. Check the box “Use PKI Client certificate (client authentication capability) when available”.
Review clients that have a client authentication certificate to make sure they are communicating with the MP over HTTPS.
A client that has the ConfigMgr client certificate installed will see the changes made to the ConfigMgr server via the information published in Active Directory, and will switch to HTTPS if it detects a valid client certificate present in the computer’s Personal store.
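
To check the last point on a client, the following added example (not part of the original post) lists the certificates in the computer's Personal store and reports which ones look usable for client authentication. The function name Get-ClientAuthCertStatus is hypothetical, and "usable" is an assumption: Client Authentication EKU present, within its validity period, private key present, and chain trusted.

```powershell
# Added example, not from the original post. The function name is hypothetical.
# Assumption: "valid" means Client Authentication EKU, inside the validity
# period, private key present, and a chain that verifies on this computer.
function Get-ClientAuthCertStatus {
    [CmdletBinding()]
    param(
        # Store to inspect; the computer's Personal store by default.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Read the EKU extension by OID so the check does not depend on
        # localized friendly names. A certificate with no EKU extension at all
        # is reported as ClientAuthEku = False here.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @()
        if ($ekuExt) {
            $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }

        $hasClientAuth = $ekuOids -contains $clientAuthOid
        $inValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        # Builds the chain with the default policy, including revocation checking.
        $chainOk       = $cert.Verify()

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            ClientAuthEku = $hasClientAuth
            InValidity    = $inValidity
            HasPrivateKey = $cert.HasPrivateKey
            ChainTrusted  = $chainOk
            Usable        = $hasClientAuth -and $inValidity -and $cert.HasPrivateKey -and $chainOk
        }
    }
}

# Run in an elevated PowerShell session on the client being reviewed.
Get-ClientAuthCertStatus | Sort-Object Usable -Descending | Format-Table -AutoSize
```

A client with no row marked Usable has no certificate that meets these assumed criteria, so check certificate enrollment on that computer before troubleshooting the MP.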