Certificates
You can use certificates as an alternative to the Kerberos protocol for mutual authentication and encryption between an agent and the Essentials 2007 management server.
Essentials 2007 includes a utility, MOMCertImport, that configures Essentials 2007 to use a certificate. For more information, see How to Import Certificates.
When you obtain and install certificates for use with Operations Manager 2007, consider the following:
Certificates used on various components in Essentials 2007 (for example, agent, remote console, or management server) must be issued by the same certification authority (CA).
Each computer requires its own unique certificate.
Each computer must also contain the root certification authority certificate in its Trusted Root Certification Authorities store and any intermediate certification authorities in the Intermediate Certification Authorities store.
The Subject Name field for the certificate must contain the DNS fully qualified domain name (FQDN) of the host computer.
The certificates need to support the following two extended key usage fields, server authentication and client authentication, which are represented by the two OIDs 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2.
Note
When entering OIDs, separate each OID by a comma. For example, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 exactly as shown.
The basic order of operations for installing a certificate is as follows:
Obtain the certificate for each Essentials 2007 component.
Use the MOMCertImport tool specifying the certificate in the certificate store.