Certificates for Bastion Host
Do certificates have to be issued from the same Root Certification Authority.
We only currently able to issue certificates to our internal domain computers.
We were hoping we could use OpenSSL to create a cert for the Bastion host and use a different Root CA for our internal management server.
Thanks,
Bob
November 30th, 2010 12:03pm
The agent needs to trust whatever cert is on the management server and the other way round. This means you can use 2 different CA's, but it's still required to copy the root cert in the trusted root store of the bastion host (else this will never trust
the management server).Rob Korving
http://jama00.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
November 30th, 2010 12:12pm
Thanks for the reply Rob,
Since we don't have a CA, can you recommend any tools to create a cert? or what steps we coul use to get htis communications with the bastion host?
-Bob
November 30th, 2010 1:59pm
Hi,
Please check if the following information will help:
Obtaining Certificates for Non-Domain Joined Agents Made Easy With Certificate Generation Wizard
http://blogs.technet.com/b/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx
Obtaining Certificates for Ops Mgr via Command Line or Script
http://blogs.technet.com/b/momteam/archive/2008/06/02/obtaining-certificates-for-ops-mgr.aspx
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 1st, 2010 3:00am