Users of SCCM 1806 and upwards, now have the option to deploy signing certificates right from the SCCM console in contrast to manual deployment using group policy object (GPO) method. This document demonstrates the step-by-step procedure on how to configure SCCM to manage code-signing certificates.
1. From the bottom left corner of the console, select 'Administration', click on 'Sites' from under 'Site Configuration' and select the node for which you would like SCCM manage the certificates.
2. Click on 'Configure Site Components', and then on 'Software Update Point'.
3. Now, from under the 'Third-Party Updates' tab, you will find two options. Make sure to enable 'Manually manages the certificate' checkbox before proceeding to the next step.
4. Next, go to 'Software Library', click on 'All Software Updates' and then 'Synchronize Software Updates'.
5.Now go to 'Administration', from the bottom left corner, click on 'Client Settings' and then on 'Default Client Settings'
6. Once the 'Default Settings' window opens, select 'Software Updates' and enable Software Updates first.
7. Lastly, from the bottom of the window change 'Enable third party software updates' to Yes.
You have now successfully configured SCCM to manage the code signing certificates! You can alternatively use the GPO method to manually deploy certificates to client machines.