SCOM Trick 48 – Certificate validation

Certificates can play an important role in SCOM when monitoring machines in non-trusted domains and workgroups. Over the past years we have seen all kinds of things go wrong with certificates, especially during the initial stages. This was mostly because the procedures were not followed (read the documentation) or because certificates of the wrong kind or with the wrong name were requested and issued.
A very nice posting about how to get the right certificates for use with SCOM is the following:
http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=5
Don’t forget to make sure the CA (chain) that signed your certificate is trusted. Make sure it is still valid. Make sure the certificate is of the right type (check that its OIDs are for server authentication and client authentication), and check that it has the right server name listed.
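The checks listed above can be scripted. The following PowerShell is an added example, not part of the original post or of SCOM itself. The function name `Test-ScomCertificate`, the use of the local machine Personal store, and the default expected name (this machine's DNS host name) are assumptions.

```powershell
# Added example. Test-ScomCertificate is a hypothetical helper name.
function Test-ScomCertificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # Assumption: the name that should be listed is this machine's DNS host name.
        [string]$ExpectedName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )
    process {
        $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication
        $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication

        # Collect the Enhanced Key Usage OIDs (stays empty if the extension is absent).
        $ekus = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekus += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }

        # Build the chain up to a trusted root; ChainStatus explains any failure.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($Certificate)
        $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        $now = Get-Date
        $subjectName = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        [pscustomobject]@{
            Subject      = $subjectName
            Thumbprint   = $Certificate.Thumbprint
            ChainTrusted = $chainOk
            ChainErrors  = $chainErrors
            InValidity   = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
            ServerAuth   = ($ekus -contains $serverAuth)
            ClientAuth   = ($ekus -contains $clientAuth)
            NameMatches  = ($subjectName -eq $ExpectedName)
            Expires      = $Certificate.NotAfter
        }
    }
}

# Assumption: the certificate sits in the local machine Personal store.
Get-ChildItem Cert:\LocalMachine\My | Test-ScomCertificate | Format-List
```

Any row with `ChainTrusted`, `InValidity`, `ServerAuth`, `ClientAuth` or `NameMatches` set to `False` points at one of the problems described above; `ChainErrors` shows why chain building failed.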
For checking all certificates for validity there is also a management pack written by Raphael Burri with Pete Zerger and Jaime Correia. It is not limited to certificates used for SCOM, but covers all of them. This is another community MP that I use often. It can be found at: http://www.systemcentercentral.com/tabid/145/indexid/24860/default.aspx. Be sure to read the included documentation, so you will get maximum pleasure from this MP.