I was able to install the cert on the management server, but I'm not able to install on the Gateway server. Before I start giving specific error message, I wanted to make sure I'm doing it correctly.
All of our servers are Windows 2008 R2. My Certificate server and management server are in the same domain... say, Production.com. The gateway server is in the dmz (dmz.com) which does not have a trust setup with Production.com.
So my first question: Creating the request file for the gateway server, do I need to run the CertReq -New.... from the gateway server and then transfer this back to the certificate server in the Production.com domain?
Your solution guide is simply great. Helped me a lot.
THX for sharing this great utils.
>need the cert installed and imported using the MOMCertImport?
You need the cert installed (and registred with MOMCertImport) on:
2. Management server(s) that this gateway will communicate
3. Any agent that will communicate with your gateway without _kerberos_ trust (gateway and agent in one forest or in forests that have FULL forest trust).
In short: you need certs on BOTH sides of communication channel if you can't use kerberos for this communications.
Thanks for this great How To. The only question I have is around what server, other than the Gateway, need the cert installed and imported using the MOMCertImport? For example, I have one gateway server, one management server and one RMS. Do I need to install the cert and then use MOMCertImport on the Management server and the RMS?
© 2008 - 2020 - Sysadmins LV. All rights reserved