Build a lab CA to generate certificates for SCOM agents
I had to test adding a gateway to SCOM that was in a workgroup. I installed a CA on my DC so I could generate certs to install on the mgmt server and gateway. I used these articles to do it. To make the DC an enterprise root CA follow this: https://gallery.technet.microsoft.com/Installing-the-Root-CA-db1c6200 You'll get an error when you hit the certsrv website coz you need to add a cert to the IIS website first. This article helped with that: https://social.technet.microsoft.com/wiki/contents/articles/12039.active-directory-certificate-services-ad-cs-error-in-order-to-complete-certificate-enrollment-the-web-site-for-the-ca-must-be-configured-to-use-https-authentication.aspx You should see event id 20053 (source= OpsMgr Connector) in Ops log to say "The OpsMgr Connector has loaded the specified authentication certificate successfully."