Renew Certificates SCOM 2007 r2


I received the following alert in System Center Operations Manager 2007 r2 on our Root Management Server (RMS) and Gateway server.

The certificate used for mutual authentication is expiring on 07/09/2012 6:32:15 AM GMT. If this certificate is not updated by this time, this Health Service will not be able to communicate with other Health Services.

To renew the certificate on the Root Management Server (RMS) or Gateway, follow these steps:

  1. Request a certificate from your certificate authority using the Operations Manager template and install it on the RMS server. For more information, see How to Obtain a Certificate Using Windows Server 2003 Enterprise CA in Operations Manager 2007 r2. If you are using a Windows Server 2008 certificate authority, a separate guide applies.
  2. Check in the MMC console that the newly installed certificate has “Server Authentication” and “Client Authentication” by double-clicking the certificate – Details – Enhanced Key Usage.
  3. Export the generated certificate from the Certificates console and select “Yes, export the private key” on the first page of the wizard.
  4. Save the certificate as .PFX file, and specify a password for it.
  5. Remove the old imported certificates from System Center Operations Manager with the command MOMCertImport.exe /Remove.
  6. Install the new certificate with the following command line: “MOMCertImport.exe C:\cert.pfx /Password P@ssw0rd”
  7. Check that the registry value “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\MachineSettings\ChannelCertificateSerialNumber” matches the Serial Number that you see in the Properties page of the certificate (the string in the registry is in reverse order).
  8. Restart the System Center Operations Manager health services on the RMS and gateway servers and check that the update succeeded.
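
The checks in steps 2 and 7 can be scripted. The following read-only PowerShell is an added example, not part of the original post. It assumes the registry value is stored as binary data and that the imported certificate is in the Local Computer Personal store (Cert:\LocalMachine\My).

```powershell
# Added example: verify the certificate that Operations Manager is bound to.
# Run on the RMS or gateway after MOMCertImport.exe (step 6). Reads only.
$regPath  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\MachineSettings'
$required = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

# Assumption: the value is REG_BINARY, so PowerShell returns a byte array.
$raw = (Get-ItemProperty -Path $regPath).ChannelCertificateSerialNumber
if (-not $raw) { throw 'ChannelCertificateSerialNumber is not set.' }

# The registry holds the serial number in reverse order (step 7), so reverse
# the bytes before comparing with the serial shown in the certificate properties.
$bytes = [byte[]]$raw
[array]::Reverse($bytes)
$serial = [BitConverter]::ToString($bytes) -replace '-', ''

# Assumption: the certificate was imported into the Local Computer Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.SerialNumber -eq $serial } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate in LocalMachine\My has serial number $serial." }

# Collect the Enhanced Key Usage OIDs (step 2).
$ekuOids = @()
foreach ($ext in $cert.Extensions) {
    if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
        $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
    }
}

$problems = @()
foreach ($oid in $required.Keys) {
    if ($ekuOids -notcontains $oid) { $problems += "Missing EKU: $($required[$oid])" }
}
if (-not $cert.HasPrivateKey)      { $problems += 'Certificate has no private key' }
if ($cert.NotAfter -lt (Get-Date)) { $problems += "Certificate expired on $($cert.NotAfter)" }

Write-Output "Bound certificate: $($cert.Subject), serial $serial, expires $($cert.NotAfter)"
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Registry serial, EKUs, private key and validity all check out.'
}
```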

More information on this issue can be found here.