PKI test connectivity fails in XMS/CEM in PKI SSL client certificate.

As per Microsoft KB5005413 update, you have to select "Accept" in step 3 to "Enable Require SSL" option. This option is required to accept HTTPS connections. 

Problem Cause

If the Microsoft KB5005413 update is applied, the SSL settings are default to "Ignore". As a result, XenMobile Server / Citrix Endpoint Management will not be able to connect to the Active Directory Certificate Authority (CA) server over HTTPS.