Do certificates have to be issued from the same Root Certification Authority. We only currently able to issue certificates to our internal domain computers. We were hoping we could use OpenSSL to create a cert for the Bastion host and use a different Root CA for our internal management server. Thanks, Bob

The agent needs to trust whatever cert is on the management server and the other way round. This means you can use 2 different CA's, but it's still required to copy the root cert in the trusted root store of the bastion host (else this will never trust the management server).Rob Korving http://jama00.wordpress.com/

Thanks for the reply Rob, Since we don't have a CA, can you recommend any tools to create a cert? or what steps we coul use to get htis communications with the bastion host? -Bob

Hi, Please check if the following information will help: Obtaining Certificates for Non-Domain Joined Agents Made Easy With Certificate Generation Wizard http://blogs.technet.com/b/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx Obtaining Certificates for Ops Mgr via Command Line or Script http://blogs.technet.com/b/momteam/archive/2008/06/02/obtaining-certificates-for-ops-mgr.aspx Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.