This article describes process of obtaqining and installing a digital certificate for OpsMgr agent that is not a member of your AD forest or a trusted forest. This article assumes that your managed computer is running one of the following operating systems:

• Windows 2000
• Windows XP
• Windows Vista
• Windows 7
• Windows 8/8.1
• Windows 10
• Windows 2000 Server
• Windows Server 2003 (including R2)
• Windows Server 2008 (including R2 and Server Core)
• Windows Server 2012 (including R2 and Server Core)

 Target audience is OpsMgr administrators that have limited or no understanding of what certificates are and how PKI works. Described below is not the only way to achieve the same or similar goal but it implements many of PKI Best Practices.

In this article

• Prerequisites
  All steps described in this section must be completed in both scenarios
  • Existing Certification Authority (CA)
  • Export Certificates of CA Hierarchy
  • Distribute Certificates of CA Hierarchy
• Scenario 1 Certification Authority server is configured as Standalone CA and running one of the following operating systems: Windows Server 2003/2003 R2/2008/2008 R2 Standard, Enterprise or Datacenter edition.
  • Prepare certificate request template
  • Create a request file to use with an Standalone Certification Authority
  • Submit a request file to Standalone Cetrtification Authority
  • Install issued certificate to managed computer
  • Import certificates using MOMCertImport
• Scenario 2
  Certification Authority server is configured as Enterprise CA and running one of the following operating systems: Windows Server 2003/2003 R2/2008/2008 R2.
  • Prepare certificate template
  • Add new template to Issuing Enterprise CA
  • Prepare certificate request template
  • Create a request file to use with an Enterprise CA
  • Submit a request file to Enterprise Cetrtification Authority
  • Install issued certificate to managed computer
  • Import certificates using MOMCertImport