We have a native mode SCCM installation on our network. For security reasons, we have two servers that are NOT domain joined, but have the native mode SCCM client installed (and functioning nominally).
SCCM just renewed the site server signing certificate (since the current one is expiring) and I am not able to find any information on Technet regarding what, if anything, needs to be done with the non-domain joined computers.
Does anyone have experience with this? Should the non-domain clients just "pick up" the renewed cert, or are there additional actions I need to take?
To be on the safe side you should manually renew certificates for your non-domain servers. Since it's only two there shouldn't be much work involved, right click on the cert in the certificate manager and click 'renew'. For domain joined machines that are auto-enrolled, they'll renew certs automatically, so there's the difference between the two.