Yo-ho-ho,
this is part 2 of a series about Mutual Authentication for SCOM.
Mutual Authentication for SCOM Part 1: Root CA
Mutual Authentication for SCOM Part 2: Certificate Request
Mutual Authentication for SCOM Part 3: Prepare Gateway /DMZ server for Mutual Authentication
In my previous post I wrote about what to set up on Root CA. This post is about the certification request on Operations Manager Management Server.
Start mmc and add snap- in for certificates for computer account.
“Request New Certificate”Select your recently created certificate template and hit on “More information is required to enroll for this certificate. Click here to configure”
You should fill out “Common name” and “DNS” and I recommend to attach more information like Locality or Country.
I also recommend to fill in the FQDN in “General” “Firendly name”
In “Extensions” / “Key Usage” make sure that the “Selected options” are “Digital signature” and “Key encipherment” and in “Extend Key Usage (application policies)” “Server Authentication” and “Client Authentication” are checked in.
Everything else in Extensions can be left as is.
In “Pricate Key” / “Cryptographic Service Provider” have a look at “Microsoft RSA SChannel Cryptographic Provider (Encryption)” and “Microsoft Enhanced Cryptographic Provider v1.0 (Encryption)” are enabled.
As well as “Key size” is “2048”, “Make private key exportable” are set.
Take care that your CA is deposited
Leave “Signature” as is and “Enroll” the certificate…
To make sure the request went fine – double click on the certificate and have a look at certification path. If everything is okay it will look like this or even close…
As a final step you need to import the certificate with “MOMCertImport.exe” and make it available for Operations Manager.
You can find “MOMCertImport.exe”on the ISO File at “\SupportTools\AMD64”
Select the Certificate and hit on “OK”
Now you need to request the exactly same certificate with the difference to request it for the gateway or DMZ server. So all you’ve got to do is to switch the hostname within the re
In the next part I’ll tell you how to make your gateway or DMZ server ready for mutual authentication.
*Captain
Submit a comment on “Mutual Authentication for SCOM Part 2: Certificate Request”