You can use certificates as an alternative to the Kerberos protocol for mutual authentication and encryption between an agent and the Essentials 2007 management server.
Essentials 2007 includes a utility, MOMCertImport, that configures Essentials 2007 to use a certificate. For more information, see How to Import Certificates in Essentials 2007.
When you obtain and install certificates for use with Operations Manager 2007, consider the following:
- Certificates used on various components in Essentials 2007
(for example, agent, remote console, or management server) must be
issued by the same certification authority (CA).
- Each computer requires its own unique certificate.
- Each computer must also contain the root certification
authority certificate in its Trusted Root Certification Authorities
store and any intermediate certification authorities in the
Intermediate Certification Authorities store.
- The Subject Name field for the certificate must contain
the DNS fully qualified domain name (FQDN) of the host
- The certificates need to support the following two extended key
usage fields, server authentication and client authentication,
which are represented by the two OIDs 126.96.36.199.188.8.131.52.1 and
Note When entering OIDs, separate each OID by a comma. For example, enter 184.108.40.206.220.127.116.11.1,18.104.22.168.22.214.171.124.2 exactly as shown.
The basic order of operations for installing a certificate is as follows:
- Obtain the certificate for each Essentials 2007
- Use the MOMCertImport tool specifying the certificate in the