http://blogs.technet.com/b/momteam/archive/2009/12/08/how-to-link-multiple-gateway-servers-together.aspxOverview: In Operations Manager, the Gateway server role is primary used for monitoring servers outside the Root Management Servers trusted Domain boundary. Another popular use of the Gateway role is for performance improvements by placing gateways inen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/momteam/archive/2009/12/08/how-to-link-multiple-gateway-servers-together.aspx#3300693Tue, 15 Dec 2009 13:48:28 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3300693michelk<p>Samuel , </p> <p>You are correct. That’s what i also was thinking. You don't need CA2. Just Make one root CA certificate and use this for all you GWs , the only thing you have to do next is to generate the correct client cert with the correct fqdn on based this root ca and import this one on the correct GW.</p> <p>But nerveless the article is still useful.</p> <p>michel kamp</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3300693" width="1" height="1">http://blogs.technet.com/b/momteam/archive/2009/12/08/how-to-link-multiple-gateway-servers-together.aspx#3300651Tue, 15 Dec 2009 12:25:29 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3300651Sam T<p>So, it's basically business-as-usual then.</p> <p>All GW's need a certificate and for it to be valid they have to trust the CA. The only thing that really differs from deploying a &quot;regular&quot; gateway compared to a chained gateway is that when approving the chained one, use the first one as ManagementServer.</p> <p>Am I right? Assigning certificates works exactly the same as with non-chained gateways in the simple scenario. And if you still need to have the Root CA-certificate for CA1 on GW2, why bother with CA2 at all? Am I missing a bigger picture?</p> <p>Regards,</p> <p>Samuel T</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3300651" width="1" height="1">