This one is a little old but we get a lot of requests for step-by-steps- so I thought it would be worth another mention. The System Center Configuration Manager team blog has a great post on requesting an AMT provisioning certificate with a Windows Server 2008 certificate authority. I have the intro below but you can read the entire post here.
With the December documentation update for the Configuration Manager library, we posted a new step-by-step guide for out of band management, to help customers deploy the PKI certificates with a Windows Server 2008 CA (http://technet.microsoft.com/en-us/library/dd252737.aspx). One of the main differences with this guide from the equivalent step-by-step that used a Windows Server 2003 CA was that it didn't have a procedure for requesting an AMT provisioning certificate from an external (public) CA. In the Windows Server 2003 CA step-by-step, we said follow any instructions provided by the CA company; otherwise use the Web enrollment procedure to create a certificate request file.
J.C. Hornbeck | Manageability Knowledge Engineer