If it's not necessary to use a Gateway server in a situation where mutual authentication is not possible, for instance a small number of agents in an untrusted domain, DMZ or workgroup, the agents can be configured to use certificate based authentication to a management server.
Here are the basic steps:
Management Server side:
Agent or Gateway Side:
See the Security guide for more information about specifics on Certificate requests from Standalone as well as Enterprise CA's.
Final tip: Make sure you have the UI Settings\Security property set to Review new manual agent installations in pending management view enables with Auto-approve if necessary.