In this article we will enable PKI feature in SCCM
Open Certificate Authority and Create a New Certificate Templates.
Right Click and Click on Manage.
Right click on Web Server and Click on Duplicate Template
Set the template name and Click Apply and OK
then Click on Workstation Authentication and Duplicate Template
Set the Name SCCM DP Cert and Select Validity Period and then
Click on Request Handling and Select Allow Private Key to be exported. Click Apply and OK.
Again Duplicate the Workstation Authentication.
Name it as SCCM Client Cert and Click Apply and OK.
Once you did that you need to enable this GPO Settings and Link this to Client.
Now open SCCM >Go to Administrators>Site Configuration>Sites> Select Site and Go to Properties.
Under Client Computer Communication Select HTTPS or HTTP and User PKI Client Certificate.
In the SCCM Servers and Site System Roles Go to Distribution Point Properties. Enable the HTTPS.
And Import PKI certificate.
Enable the Management Point properties HTTPS also.
And at the end you can enable the Software update point properties to use 8531 also require SSL Communication to the WSUS Server. Before you enable this setting . We need to set the Require SSL under IIS Manager for WSUS.