This is a 3-part series about Mutual Authentication for SCOM.
To be honest this is a big one for me. It took me days to figure out what I needed to fill in every field and what is required.
So what do you need?
Let’s start with duplicating the required certificate template. Go to your root CA and open a new MMC. Click “File”, then “Add/Remove Snap-in…”. Select “Certificate Templates” and add it to the selected snap-ins.
Search for IPSec (offline request), right-click it and duplicate it.
Leave “Compatibility” as is
In “General” give it a name – I had good experience with something like: Company Name – Use of the Certificate – Validity period – Version number
and “Superseded Templates”
The next tab is “Security”. You’ve got to give “Authenticated Users” the right to “Enroll”,
and we need to add “Domain Computers” with “Allow” on “Read”, “Write” and “Enroll”.
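To confirm what the “Security” tab actually stored, the following added example (not part of the original guide) reads the template's ACL from Active Directory and lists who can enroll and who can write to the template. “Write” lets the holder change the template's settings, so it is worth checking that only the intended principals have it. It assumes the ActiveDirectory PowerShell module is installed; `$TemplateName` is a placeholder for the “Template name” (not the display name) you set on the “General” tab.

```powershell
# Added example: audit the ACL of the duplicated certificate template.
# Assumption: run as a user who can read the Configuration partition.
Import-Module ActiveDirectory

$TemplateName = '<YourTemplateName>'   # placeholder, replace with your template's name (CN)

# Certificate-Enrollment extended right ("Enroll" in the Security tab)
$EnrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'

# Certificate templates live in the Configuration naming context
$configNC = (Get-ADRootDSE).configurationNamingContext
$dn = "CN=$TemplateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

# Rights that allow modifying the template object or its permissions
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner, GenericWrite, GenericAll'
$extRight  = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

(Get-Acl -Path "AD:\$dn").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    ForEach-Object {
        $rights = [int]$_.ActiveDirectoryRights
        [pscustomobject]@{
            Identity  = $_.IdentityReference.Value
            # Enroll: extended right scoped to Certificate-Enrollment, or to all extended rights
            CanEnroll = (($rights -band $extRight) -ne 0) -and
                        ($_.ObjectType -eq $EnrollGuid -or $_.ObjectType -eq [guid]::Empty)
            CanWrite  = ($rights -band $writeMask) -ne 0
            Rights    = $_.ActiveDirectoryRights
        }
    } |
    Sort-Object Identity |
    Format-Table -AutoSize -Wrap
```

After following the steps above, “Authenticated Users” should show `CanEnroll` as True and “Domain Computers” should show both `CanEnroll` and `CanWrite` as True.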
The certificate template will appear, which means that it is now available for requests. So you’re done at the CA. The next step is to request the certificate on your SCOM server. You will find the guide in Part 2.