
SCOM gateway digital certificate request from 2008 server with no CA web portal access?


Hi,

I am planning to deploy a gateway in a non-trusted domain and just want to check I am doing this correctly based on some limitations I have in place.

First of all I should explain that I cannot access the (Windows 2003) CA portal from a Windows 2008 machine, only from a Windows 2003 server. There are a few reasons for this where I am and although I am sure parts could get sorted to allow me to do so much it isn’t going to happen.

My SCOM notes for doing this have been from SCOM 2007 using Windows 2003 so I would be using the web portal for most of the work whereas now I am trying to understand which portions I can do from where.

First off, my understanding is that I am going to log onto the CA and, using the Certification Authority, export a PKCS #7 certificate as TrustedCA.p7b.

As I understand it then on BOTH the SCOM Management server (just the one that the gateway will connect to?) AND the gateway in the other domain I import this certificate - I presume at this point I have imported the root CA so any certificates after that can be trusted?

What I would have done now is created an INF file, which I have a template for, and used CERTREQ to create a REQ file. My first question I have never quite understood.. Given that the server name(s) are part of the INF file, does CertReq actually have to be run on THAT server? Or, if you have the INF, can it be run on any server?

I would normally then go to the web portal and import this REQ file in as an advanced request and receive back the certificate. However, given that I can’t do this request from the actual management server or gateway, does this actually matter, or can I do the request from ANY Windows 2003 server, receive the certificate back and then do the import on the actual Management Server and Gateway?

I think you can see from the above a lot of my confusion revolves around which parts of this process can be done on what server..

Thanks
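
The split between steps described in the post, written out as an added example (not part of the original post): `certreq -new` creates the private key in the machine store of the server it runs on, so that server must also run `certreq -accept`, while the REQ file itself can be submitted from any machine that can reach the CA portal. The FQDN, folder and file names are placeholders, and the INF values are assumed to match a typical SCOM certificate template (server and client authentication).

```powershell
# Added example: run this script on the server that will USE the certificate
# (the gateway, then again on the management server with its own FQDN).
$fqdn = 'gateway01.example.local'   # placeholder: this server's own FQDN
$work = 'C:\CertWork'               # placeholder working folder
$inf  = Join-Path $work "$fqdn.inf"
$req  = Join-Path $work "$fqdn.req"
$cer  = Join-Path $work "$fqdn.cer" # issued certificate, copied back in step 2
New-Item -ItemType Directory -Path $work -Force | Out-Null

if (-not (Test-Path $req)) {
    # Step 1 (this server): build the INF and create the request.
    # The key pair is generated here; only the public key goes into the REQ.
    @"
[NewRequest]
Subject="CN=$fqdn"
Exportable=TRUE
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
"@ | Set-Content -Path $inf -Encoding ASCII
    certreq -new $inf $req
    Write-Host "Step 2: copy $req to any machine with CA portal access,"
    Write-Host "submit it as an advanced request, save the result as $cer here."
}
elseif (Test-Path $cer) {
    # Step 3 (this server again): pair the issued certificate with the
    # pending private key created in step 1.
    certreq -accept $cer
    # Check: the certificate must show HasPrivateKey = True, otherwise it was
    # accepted on a different machine from the one that created the request.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$fqdn" } |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}
else {
    Write-Host "Request exists; waiting for issued certificate at $cer"
}
```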

