The OpsMgr 2007 product team just announced their new Certificate Generation Wizard over on the MOMTeam blog. If you need to obtain certificates for non-domain joined agents then this is the tool for you:
We have created a new UI tool to make obtaining mass certificates easy.
Here at OpsMgr, we understand the pain that you have to go through to configure certificate authentication to deploy non-domain joined agents. There are many things we've provided for you to make obtaining certificates easier. However, we know we're far from getting to that seamless solution, and are continually providing new tools to help facilitate this process.
Here's a quick lowdown: To mutually authenticate the non-domain joined agent, both the non-domain joined agent and the server both require a personal computer certificate and a root CA certificate. This can be accomplished through two basic steps:
1. Request and acquire the certs from a Certification Authority (CA).
Your company may already have an Enterprise CA set up if using PKI, but if not, you can install a CA (just add it as a role, like you do any other role in Win2K3 and up) and request certificates from there.
2. Install the certificates onto the local machine certificate store of the agent and server computer. Run MOMCertImport.exe tool.
This step is required to, in a sense, "register" your certificates to your computer. The MOMCertImport tool will alert OpsMgr of which certificates you would like to use.
J.C. Hornbeck | Manageability Knowledge Engineer