Whilst working with a customer this week who recently had Configuration Manager implemented, I was made aware of a problem they had experienced adding certificates into the cloud management gateway. This particular organisation is going through a domain consolidation exercise following a merger but at the moment has 3 domains in separate forests each with its own PKI and Certification Authority. During the implementation of their Cloud Management Gateway they wanted to add Root CA certificates and Subordinate CA certificates but soon realised a limitation. Whilst I don’t have a specific error message screenshot available, I can confirm that in the dialog below, you can add a maximum of 2 Root CA certificates and 4 Subordinate CA certificates.
I contacted the product group about this and whilst I cannot fully disclose the details, the limitation is known and is related to the current deployment methodology of CMG. It is now on the list for review in a future version. With any luck we might see something in a tech preview soon.
For full info on cloud management gateway certificate requirements visit the Microsoft docs site here – https://docs.microsoft.com/en-us/sccm/core/clients/manage/cmg/certificates-for-cloud-management-gateway