I will be renewing the certificates in our two-tier PKI in the next month, as the offline root CA cert expires soon. I have built a list of all systems where we need to update manually issued certs or where the new CA cert will need to be added to replace the existing one.
Our SCCM environment has a primary site server with distribution points dotted around our branch offices and an external DP on our DMZ for remote workers. I'd like to know if (besides what I have outlined below) there is anywhere else on SCCM that could possibly require an update to the certificate services post renewal.
So far what I can see is:
The primary site server has a copy of the CA cert to validate clients that communicate and will need the new CA cert added here.
The branch DPs do not require any certs to be updated as they communicate with the site server and clients over HTTP.
The external DP does use HTTPS and requires a manual certificate and key presented via the primary site server.
Thanks in advance.