Same procedure for a gateway server in DMZ
1.1 - Generating the certificate
RDP to your Operations Manager (it's a good idea to have all the certificates at one server) Start Internet Explorer and navigate to: https://yourCAserver/certsrv
If the server in DMZ is in a domain, you need the FQDN (for example servername.domainindmz.local)
If the server is in workgroup, the servername is sufficient
Export the Company Root Chain Certificate also! You need both installed on the server in workgroup/domain in DMZ in order for it to communicate with our