Yo-ho-ho,
this is part 3 of a series about Mutual Authentication for SCOM.
Mutual Authentication for SCOM Part 1: Root CA
Mutual Authentication for SCOM Part 2: Certificate Request
Mutual Authentication for SCOM Part 3: Prepare Gateway /DMZ server for Mutual Authentication
In my previos posts I’ve written about: how to set up root CA for MA and how to request the certificate by the use of templates.
In this short post I’ll try to explain you what you need to do to set up the gateway / DMZ server.
Export the certificate on SCOM server.
Check “Yes, export the private key”
Make sure that “Include all certificates in the certification path if possible is” checked.
Type in a password and click on “Next”.
Give it a name and export it.
Copy the certificate.pfx and the “MOMCertImport.exe” to the gateway/DMZ/unjoined server. Start mmc load Certificates for local computer and import the certificate
Import the certificate to your Personal Certificate Store.
And finally import the certificate via MOMCertImport.exe like we did it before (in part 2).
If you are about to set up the connection for a domain unjoined server or a DMZ, server this is the point where you are ready.
If you want to set up a gateway server you need to copy “Microsoft.EnterpriseManagement.GatewayApprovalTool.exe” from SCOM Server “C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server” to the future gateway server and run the installation, which is pretty much straight forward.
Technet: How to Deploy a Gateway Server
*Captain
Submit a comment on “Mutual Authentication for SCOM Part 3: Prepare Gateway /DMZ server for Mutual Authentication”