This is harder than it should be. Here are my notes on doing this.
1. On cert server go here: http://blah/certsrv/
2. request cert. choose type other and paste in the below OID
3. OID = 18.104.22.168.22.214.171.124.1,126.96.36.199.188.8.131.52.2
4. Make sure to check key exportable. Make sure to use FQDN of server for name and common name.
5. Open up server mgt for certificate manager and approve.
6. Go back to website, install the cert.
7. Mmc, certificates for personal. Export the cert. make private key exportable.
8. Copy cert to client server.
9. On server do mmc for client, import cert, mark as exportable.
10. Run momcertimport on client, choose cert.
11. Restart system center manager service on client.
12. Wait a min and go to mom console, administration, pending management. Approve it.