Mutual Authentication for SCOM Part 2: Certificate Request

Yo-ho-ho,

this is part 2 of a series about Mutual Authentication for SCOM.

Mutual Authentication for SCOM Part 1: Root CA

Mutual Authentication for SCOM Part 3: Prepare Gateway /DMZ server for Mutual Authentication

In my previous post I wrote about what to set up on Root CA. This post is about the certification request on Operations Manager Management Server.

Start mmc and add snap- in for certificates for computer account.

“Request New Certificate” 2014-12-17 19_10_07-wwscom000326 - Remote Desktop Connection Select your recently created certificate template and hit on “More information is required to enroll for this certificate. Click here to configure”

You should fill out “Common name” and “DNS” and I recommend to attach more information like Locality or Country.

I also recommend to fill in the FQDN in “General” “Firendly name”

In “Extensions” / “Key Usage” make sure that the “Selected options” are “Digital signature” and “Key encipherment” and in “Extend Key Usage (application policies)” “Server Authentication” and “Client Authentication” are checked in.

Everything else in Extensions can be left as is.

In “Pricate Key” / “Cryptographic Service Provider” have a look at “Microsoft RSA SChannel Cryptographic Provider (Encryption)” and “Microsoft Enhanced Cryptographic Provider v1.0 (Encryption)” are enabled.

As well as “Key size” is “2048”, “Make private key exportable” are set.

Take care that your CA is deposited

Leave “Signature” as is and “Enroll” the certificate…

To make sure the request went fine – double click on the certificate and have a look at certification path. If everything is okay it will look like this or even close…

As a final step you need to import the certificate with “MOMCertImport.exe” and make it available for Operations Manager.

You can find “MOMCertImport.exe”on the ISO File at “\SupportTools\AMD64”

Select the Certificate and hit on “OK”

Now you need to request the exactly same certificate with the difference to request it for the gateway or DMZ server. So all you’ve got to do is to switch the hostname within the re

In the next part I’ll tell you how to make your gateway or DMZ server ready for mutual authentication.

*Captain

Submit a comment on “Mutual Authentication for SCOM Part 2: Certificate Request” Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.