Deploying SCOM Gateway Servers requires certificates on all servers in the Management Group and all Gateway Servers.
In this lab example, we are using our own internal Certificate Authority (CA).
If you need assistance in setting up a Certificate Authority, see my following guides:
Active Directory Certificate Services – Installation
Active Directory Certificate Services – Configuration
Prepare the Certificate
Open the Microsoft Management Console (MMC) by clicking Start > Run and typing MMC
When the MMC console opens, click on File > Add/Remove Snap-In
In the Add/Remove Snap-Ins window, select Certificate Templates and Certification Authority, click Add, then click OK
Expand Certificate Templates
In the Certificate Templates console, right-click IPSec (Offline Request) and select Duplicate Template
On the General tab, enter a name like Operations Manager 2012 R2 Gateway Certificate
On the Request Handling tab, select Allow Private Key To Be Exported, so the certificate and its key can later be exported to a PFX file and imported on the target server
On the Extensions tab, select Application Policies and click Edit
On the Edit Application Policies Extension dialog, select the IP Security IKE Intermediate policy and click Remove
Next, click Add, select the Client Authentication and Server Authentication policies, then press OK
On the Security tab, verify that Authenticated Users has Read and Enroll permissions, then press OK
Now we need to add the newly created template to the Certificate Authority. Start by expanding the Certification Authority node, right-click Certificate Templates, and choose New > Certificate Template To Issue
On the Enable Certificate Templates dialog, select the template that we created, and click OK
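To confirm the template was set up as described above, the following PowerShell script (an added example, not part of the original guide) reads the duplicated template back from Active Directory and checks the EKUs, the exportable-key flag, the Authenticated Users permissions and whether the CA publishes it. The template display name is the one from the General tab; the CA name is an assumed placeholder.

```powershell
# Added verification script; it is not part of the original guide. It reads the duplicated
# template back from Active Directory and checks the settings configured in the steps above.
# $TemplateName is the display name typed on the General tab; $CaName is an assumed placeholder.
$TemplateName = 'Operations Manager 2012 R2 Gateway Certificate'
$CaName       = 'CONTOSO-CA'   # assumed placeholder: the common name of your issuing CA

$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pkiDn    = "CN=Public Key Services,CN=Services,$configNC"

# Find the template by display name (its CN is the display name with spaces removed)
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Certificate Templates,$pkiDn"
$searcher.Filter = "(&(objectClass=pKICertificateTemplate)(displayName=$TemplateName))"
$hit = $searcher.FindOne()
if (-not $hit) { throw "Template '$TemplateName' not found in AD" }
$tmpl = $hit.GetDirectoryEntry()

function Report([bool]$ok, [string]$what) { if ($ok) { "OK      $what" } else { "MISSING $what" } }

# Extensions tab: Server and Client Authentication present, IKE Intermediate removed
$ekus = @($tmpl.Properties['pKIExtendedKeyUsage'].Value)
Report ($ekus -contains '1.3.6.1.5.5.7.3.1') 'EKU Server Authentication (1.3.6.1.5.5.7.3.1)'
Report ($ekus -contains '1.3.6.1.5.5.7.3.2') 'EKU Client Authentication (1.3.6.1.5.5.7.3.2)'
if ($ekus -contains '1.3.6.1.5.5.8.2.2') { 'WARN    IP security IKE intermediate (1.3.6.1.5.5.8.2.2) is still present' }

# Request Handling tab: CT_FLAG_EXPORTABLE_KEY (0x10) in msPKI-Private-Key-Flag
$keyFlags = [int]$tmpl.Properties['msPKI-Private-Key-Flag'].Value
Report (($keyFlags -band 0x10) -ne 0) 'Private key exportable (needed to move the PFX to the gateway)'

# Security tab: Authenticated Users (S-1-5-11) need Read and the Enroll extended right
$enrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$authUsers = $tmpl.ObjectSecurity.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-5-11'
}
# ActiveDirectoryRights: ReadProperty = 0x10, ExtendedRight = 0x100
Report ([bool]($authUsers | Where-Object { ([int]$_.ActiveDirectoryRights -band 0x10) -ne 0 })) 'Authenticated Users: Read'
Report ([bool]($authUsers | Where-Object { (([int]$_.ActiveDirectoryRights -band 0x100) -ne 0) -and $_.ObjectType -eq $enrollGuid })) 'Authenticated Users: Enroll'

# Certificate Template To Issue: the CA's Enrollment Services object lists the template CN
$ca = [ADSI]"LDAP://CN=$CaName,CN=Enrollment Services,$pkiDn"
$published = @($ca.Properties['certificateTemplates'].Value) -contains $tmpl.Properties['cn'].Value
Report $published "Template published on CA '$CaName'"
```

Run it from a domain-joined machine with rights to read the Configuration partition; a MISSING line points back at the tab where that setting was made.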