You'll need to set up a specific certificate template as Jamf describes in their documentation. Even then, it is likely that you'll have issues if you're using HTTPS.
In the SCCM current branch, there is a bug in the way the MP interprets the OID for the certificate, even if it's created properly; this prevents SCCM from verifying the signature on the data being submitted. Microsoft has it logged as a bug and mentioned that it should be fixed in the current branch 1702 update, but until then you'll probably have to either stick with HTTP or find another workaround.
@drhoten (who spent a ton of time troubleshooting with Microsoft, our InfoSec guys, and me) asked for a defect number a few times, but unless Microsoft answered him separately, one hasn't been provided. If you're going to pursue things with Microsoft and want my case number, let me know and I'll send it privately.
