This is part 2 of a series about Mutual Authentication for SCOM.
In my previous post I wrote about what to set up on the Root CA. This post is about the certificate request on the Operations Manager Management Server.
Start mmc and add the Certificates snap-in for the computer account.
Choose “Request New Certificate”. Select your recently created certificate template and click “More information is required to enroll for this certificate. Click here to configure”.
In “Extensions” / “Key Usage” make sure that the “Selected options” are “Digital signature” and “Key encipherment”, and that in “Extended Key Usage (application policies)” both “Server Authentication” and “Client Authentication” are checked.
In “Private Key” / “Cryptographic Service Provider” check that “Microsoft RSA SChannel Cryptographic Provider (Encryption)” and “Microsoft Enhanced Cryptographic Provider v1.0 (Encryption)” are enabled.
To make sure the request went fine, double-click the certificate and have a look at the certification path. If everything is okay it will look like this or even close…
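The same check can be scripted. The following is an added example, not part of the original post: it reports for each certificate whether the key usages and application policies named above are present and whether the certification path builds. The function name `Test-ScomCertificate` is hypothetical, and the script assumes the certificate was enrolled into the computer account's Personal store (`Cert:\LocalMachine\My`).

```powershell
# Added example (not from the original post). Test-ScomCertificate is a
# hypothetical helper name; the store path below is an assumption.
function Test-ScomCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $x509  = 'System.Security.Cryptography.X509Certificates'
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # OID for Server Authentication
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # OID for Client Authentication

    # Locate the Key Usage and Extended Key Usage extensions, if present.
    $ku  = $Certificate.Extensions |
        Where-Object { $_.GetType().FullName -eq "$x509.X509KeyUsageExtension" } |
        Select-Object -First 1
    $eku = $Certificate.Extensions |
        Where-Object { $_.GetType().FullName -eq "$x509.X509EnhancedKeyUsageExtension" } |
        Select-Object -First 1
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Build the chain up to a trusted root. Revocation checking is switched
    # off so the result reflects the certification path only.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject          = $Certificate.Subject
        Thumbprint       = $Certificate.Thumbprint
        HasPrivateKey    = $Certificate.HasPrivateKey
        DigitalSignature = [bool]($ku -and $ku.KeyUsages.HasFlag($flags::DigitalSignature))
        KeyEncipherment  = [bool]($ku -and $ku.KeyUsages.HasFlag($flags::KeyEncipherment))
        ServerAuth       = $ekuOids -contains $serverAuth
        ClientAuth       = $ekuOids -contains $clientAuth
        ChainValid       = $chainOk
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Check every certificate in the computer account's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ScomCertificate -Certificate $_ } |
    Format-List
```

A certificate that matches the settings in this post shows `True` in every boolean column and an empty `ChainStatus`.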
You can find “MOMCertImport.exe” on the ISO file at “\SupportTools\AMD64”.
Now you need to request the exact same certificate again, this time for the gateway or DMZ server. So all you’ve got to do is to switch the hostname within the re
In the next part I’ll tell you how to make your gateway or DMZ server ready for mutual authentication.