I’ve been building up a greenfield ConfigMgr site recently and the site is using PKI. Everything was working well but then suddenly SSL comms ground to a halt and nothing was speaking to the management point successfully.
I found the problem when I attempted to install the ConfigMgr client on a new device. The ccmsetup.log reported a sea of red around SSL.
The issue was due to the fact that I had issued the IIS certificate on the Management Point server with a NETBIOS and a FQDN in the DNS field of the Subject Alternative name of the IIS cert.
I deleted the IIS cert, and reissued the certificate with just the FQDN and this resolved the problem.
Hope this helps if you get the same problem.