Securing DMZ Servers with Certificates

Servers in an organization’s DMZ are usually not domain members and, thus, cannot do automatic mutual authentication with the OpsMgr server. However, these servers are the most exposed in the organization and, thus, a critical asset to be monitored. Thankfully, there is a well-defined process for using certificates to handle the mutual authentication. Certificates on both the management servers and the agents are used to mutually authenticate their communications.

The certificates used for mutual authentication must:

• Have the Name field match the computer name in the Computer Properties

• Be configured with Server (1.3.6.1.5.5.7.3.1) and Client (1.3.6.1.5.5.7.3.2) OIDs

• Be marked as Exportable

• Have ...
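The first three requirements above can be checked on a DMZ server before the agent is pointed at the certificate. The following PowerShell is an added example, not code from the book: the function name `Test-AgentCertificate` is hypothetical, and it assumes the certificate sits in the local machine's Personal store, that "Name field" means the subject common name, and that the key is RSA.

```powershell
# Added example: audits machine-store certificates against the listed requirements.
# Assumptions: "Name field" = subject common name; RSA private key.
function Test-AgentCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ExpectedName
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'
    $clientAuth = '1.3.6.1.5.5.7.3.2'

    # Subject common name, later compared case-insensitively with the computer name
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Collect the OIDs from the Enhanced Key Usage extension, if one is present
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Exportability is stored with the private key; CNG and legacy CSP keys expose it differently
    $exportable = $false
    if ($Certificate.HasPrivateKey) {
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        if ($key -is [System.Security.Cryptography.RSACng]) {
            $exportable = $key.Key.ExportPolicy.HasFlag(
                [System.Security.Cryptography.CngExportPolicies]::AllowExport)
        } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $key.CspKeyContainerInfo.Exportable
        }
    }

    [pscustomobject]@{
        Thumbprint   = $Certificate.Thumbprint
        Subject      = $cn
        NameMatches  = ($cn -ieq $ExpectedName)
        HasServerEku = ($ekuOids -contains $serverAuth)
        HasClientEku = ($ekuOids -contains $clientAuth)
        Exportable   = $exportable
    }
}

# Full computer name as shown in Computer Properties: host name plus primary DNS suffix, if any
$ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fullName = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-AgentCertificate -Certificate $_ -ExpectedName $fullName } |
    Format-Table -AutoSize
```

Run it from an elevated session so the private key can be opened; a certificate is a candidate only when every column in its row is True.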
