How to Check and Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager. We need to have proper certificates to Authenticate and Encrypt the data flow between ConfigMgr clients and Management Point (Even in Mixed mode).
Sometimes, we need to play with certificates to resolve client authentication and registration issues. The following steps would be useful to fix that kind of issue.
Latest Post – Free ConfigMgr Training Part 2 | 20 Hours Of Technical | SCCM HTMD Blog (anoopcnair.com)
How to Check and Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager
The following topics are covered in this post how to Check and Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager.
- SMS certificate Store Details (MMC)
- Export certificates
- Import Certificates
- Certificates stored folder location in windows explorer or in the file system
- Find the location and name of the private key file associated the certificates
SMS certificate Store Details (MMC)
Launch MMC (mmc.exe) and Click on File —> Add/Remove Snap-in
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (2) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (2)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb23.png)
Select Certificates from Available Snap-ins and click on Add button
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (3) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (3)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb24.png)
Select “Computer Account” and click NEXT
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (4) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (4)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb25.png)
Select Local Computer and click on FINISH
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (6) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (6)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb26.png)
Click OK on the “Add or Remove Snap-ins” window
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (7) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (7)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb27.png)
Here are the TWO certificates, “SMS Signing Certificate” and “SMS Encryption Certificate,” used for Authentication and Encryption.
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (8) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (8)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb28.png)
Export certificates
You need to right-click on the certificate All Tasks – Export….This will open up Certificate Export Wizard.
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (9) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (9)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb29.png)
Select “Yes, export the private key” and click “Next.”
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (10) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (10)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb30.png)
Select Export File Format” page, “Personal Information Exchange – PKCS #12(.PFX)” and click NEXT (Even, you can select INCLUDE and EXPORT checkboxes mentioned in the below screenshot)
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (11) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (11)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb32.png)
Type in the password on the Password window and click NEXT
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (12) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (12)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb33.png)
On the “File to Export” page, enter the file name you wish to store the exported certificate. Please do not give it an extension. Click NEXT
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (13) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (13)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb34.png)
Click on FINISH
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (14) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (14)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb35.png)
Import Certificates
Right Click on “Certificates (Local Computer)” –> “SMS” -> “Certificates” –> All Tasks –> Import
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (15) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (15)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb36.png)
On the “Welcome to the Certificate Import Wizard” page, click “NEXT.”
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (16) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (16)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb37.png)
Browse through and provide the path of the certificate export file you are importing, and click “NEXT.”
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (17) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (17)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb38.png)
Enter the password that you used in the export process, check “Mark this key as exportable. This will allow you to back up or transport your keys at a later time”, and click “NEXT.”
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (18) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (18)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb39.png)
“Place all certificates in the following store” should already be selected, and the Certificate store value should already say “SMS.” Click “NEXT”
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (19) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (19)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb40.png)
Click FINISH
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (20) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (20)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb41.png)
Certificates stored folder location in windows explorer or in the file system
Windows 2008 R2 servers – “C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys”
Windows 7 workstations – “C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys”
Note – Both SMS certificates are stored in the 19cf* Machine Key files.
Find the location and name of the private key file associated with the certificates
FindPrivateKey.exe tool can be used to find out those details.
Syntax and examples of FindPrivateKey.exe in the following MSDN link.
Download FindPrivateKey.exe HERE
![How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (21) How To Check And Verify ConfigMgr SCCM Mixed Mode Certificate Details Endpoint Manager HTMD Blog (21)](https://i0.wp.com/www.anoopcnair.com/wp-content/uploads/2011/12/image_thumb44.png)
Author
AnoopisMicrosoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…