I believe that should be doable indeed, as long as the Management Servers are trusting the CA that signs the agent certificates...
Quick explanation here : https://operatingquadrant.com/2011/11/23/operations-manager-unixlinux-agent-certificates-and-using-a-pki/