You can use certificates as an alternative to the Kerberos protocol for mutual authentication and encryption between an agent and the Essentials 2007 management server.
Essentials 2007 includes a utility, MOMCertImport, that configures Essentials 2007 to use a certificate. For more information, see How to Import Certificates in Essentials 2007.
When you obtain and install certificates for use with Operations Manager 2007, consider the following:
- Certificates used on various components in Essentials 2007 (for example, agent, remote console, or management server) must be issued by the same certification authority (CA).
- Each computer requires its own unique certificate.
- Each computer must also contain the root certification authority certificate in its Trusted Root Certification Authorities store and any intermediate certification authorities in the Intermediate Certification Authorities store.
- The Subject Name field for the certificate must contain the DNS fully qualified domain name (FQDN) of the host computer.
- The certificates need to support the following two extended key usage fields, server authentication and client authentication, which are represented by the two OIDs 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2.
Note: When entering OIDs, separate each OID by a comma. For example, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 exactly as shown.
The basic order of operations for installing a certificate is as follows:
- Obtain the certificate for each Essentials 2007 component.
- Use the MOMCertImport tool specifying the certificate in the certificate store.
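
One way to check a certificate against the requirements listed above before running MOMCertImport, as an added example that is not part of the original page or the product. It assumes Windows PowerShell 3.0 or later; the thumbprint parameter and the store location `Cert:\LocalMachine\My` are assumptions, and revocation checking is switched off so the check runs offline.

```powershell
# Added example. Assumption: the certificate is in the local computer's
# Personal store; pass its thumbprint when running the script.
param(
    [Parameter(Mandatory = $true)]
    [string] $Thumbprint
)

# The two extended key usage OIDs the page requires.
$requiredEku = @(
    @{ Oid = '1.3.6.1.5.5.7.3.1'; Name = 'server authentication' },
    @{ Oid = '1.3.6.1.5.5.7.3.2'; Name = 'client authentication' }
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
if (-not $cert) { throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My" }
$results = @()

# Requirement: the Subject Name carries this host's DNS FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName
$subject = $cert.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
$results += [pscustomobject]@{
    Check  = 'Subject Name is host FQDN'
    Pass   = ($subject -eq $fqdn)          # string -eq ignores case
    Detail = "subject=$subject host=$fqdn"
}

# Requirement: both EKU OIDs are present.
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$present = @()
if ($ekuExt) { $present = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
foreach ($eku in $requiredEku) {
    $results += [pscustomobject]@{
        Check = "EKU $($eku.Name)"; Pass = ($present -contains $eku.Oid); Detail = $eku.Oid }
}

# Requirement: root and intermediate CA certificates are in the machine stores.
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($cert)
$status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
$results += [pscustomobject]@{
    Check = 'Chain builds to trusted root'; Pass = $chainOk
    Detail = "issuer=$($cert.Issuer) status=$status" }

$results | Format-Table -AutoSize -Wrap
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

The same-CA requirement cannot be verified from a single computer; compare the issuer shown in the last row across the agent, remote console, and management server.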