Hi K. Kennedy
1. You can just perform SMP Server side upgrades and after that perform upgrade of SMA on Site Server(s) - then Site Servers plugins upgrade - and then client(s) SMA and other plug-ins upgrade
You can check similar thread about such case:
2. Need to make sure that there are "SMP Server CA" and "SMP Agent CA" certificates in "Trusted Root" on SMP Server machine. (Also rememver that after switching to HTTPs, all current managed endpoint may loose connection with SMP Server, due SSL Handshake error, etc).
If they aren't there, then ask support to get these certs on SMP server.
About HTTP/HTTPs on SMP Server:
About generation of "SMP Server CA" and "SMP Agent CA" certificates:
3. There is a "Default Internet Site" on Site Server Management page on SMP Console, where you can assign it to appropriate Site/Site Servers (There should be a mention about this in documentation). And if you have some remote Site Server(s), then add them to CEM gateway as Site Server as well.
4. Theorically you can install there SMA and then all required Site Server plug-ins, but I'm not sure that this will be a good way, when you have there CEM gateway and also Site Server components = Will be a overload to system?
Thanks,
IP.