SCOM Certificate Not Showing Private Key

We recently moved to a new certificate authority, and I had to configure new certs for the SCOM servers and for the clients in our DMZ that connect to them. It took a while to create the certs, but once we had them it was easy. Well, it was on some servers.

We created the certs with the ability to export the private key, as this is a requirement for SCOM; however, they didn’t work. When we looked at the cert (double-click the .cer file) we couldn’t see the key icon, which shows that the private key is part of the cert. Which is a bit odd.

Luckily I work with a SCOM expert, who identified this common issue. The steps to resolve it are below.

  1. Import the Cert into the Local Machine, Personal Cert folder
  2. Make a note of the Serial Number
  3. Run this command from an elevated command prompt: Certutil -repairstore My "<serial number from step 2>"
  4. Run MomCertImport from an elevated command prompt and install the cert (use the GUI rather than the command line, as it's much easier)
  5. Restart the health service on the server

Once we had done this, it all started working.
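
Steps 2 and 3 above can be scripted with a check that the repair actually linked the key. This is an added example, not part of the original post; the subject filter is an assumption (it presumes the certificate subject contains the machine name), so adjust it to match your certs.

```powershell
# Added example: run in an elevated PowerShell session on the affected server.
# Assumption: the SCOM certificate's subject contains this machine's name.
$subjectFilter = "*$env:COMPUTERNAME*"

# Step 1 must already be done: the cert is in Local Machine > Personal.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like $subjectFilter }

if (-not $certs) {
    Write-Warning "No certificate matching '$subjectFilter' in LocalMachine\My. Import it first (step 1)."
    return
}

foreach ($cert in $certs) {
    # Step 2: the serial number, in the same form the certificate dialog shows it.
    $serial = $cert.SerialNumber
    Write-Host "Subject: $($cert.Subject)  Serial: $serial  HasPrivateKey: $($cert.HasPrivateKey)"

    # Key already linked to this cert: nothing to repair.
    if ($cert.HasPrivateKey) { continue }

    # Step 3: ask certutil to re-associate the certificate with its key container.
    & certutil.exe -repairstore My $serial
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil failed for $serial (exit code $LASTEXITCODE)."
        continue
    }

    # Re-read the certificate from the store and confirm the key is now linked.
    $repaired = Get-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)"
    if ($repaired.HasPrivateKey) {
        Write-Host "Private key now associated with $serial."
    } else {
        Write-Warning "Still no private key for $serial; the key may not exist on this machine."
    }
}
```

Steps 4 and 5 (MomCertImport and the health service restart) still follow once the script reports the private key as associated. The repair can only succeed on a machine that already holds the matching private key, for example the one where the certificate request was generated.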