Have you ever had to managed non-domain joined agents? If you have you know you need to obtain certificates en-masse to deploy to new machines. Before today, this was a big headache for large numbers of machines that were non-domain joined.
Now there’s the CertGenWizard.exe.
CertGenWizard.exe is a wizard tool which will take your CA information as input (it isn’t required if you are running the wizard on the box with the CA), take in the computer names (has to be FQDNs), and send out a request for the certificates you need. Now, you no longer have to fill out the Certificate Request form or enter parameters or connect to the web enrollment service. Once the certificates are approved, there is a Retrieve button in the CertGenWizard which will allow you to retrieve the certificates that you have requested. On top of the personal certificates, the wizard will retrieve the root CA certificate.
The biggest benefit to this tool is the added ability to request multiple certificates at once. If you have 100 non-domain joined agents that you need to set up cert auth for, you can simply request all 100 machine certificates at once, retrieve them all, and manually bring them over to your other machines.
Once you have brought them to your other machines, CertInstaller.exe is a second tool that will install the certificates into the local machine store of your computer and run MOMCertImport.exe for you. Note: Install OpsMgr Agent FIRST and then run the tool!
DOWNLOAD: http://blogs.technet.com/momteam/attachment/3110628.ashx
kurtsh
Kurt Shintaku's Blog 