If you’re going to enable secure communications to the TMG firewall, you have to have certificates installed on the TMG firewall. The most common way to do that is to request certificates directly from the firewall to an internal certificate server. But, unless you have the firewall configuration done correctly, there’s a good chance the certificate request will fail.
Find out what you need to do in order to make this work at: http://tmgblog.richardhicks.com/2014/04/21/forefront-tmg-2010-computer-certificate-request-or-renewal-fails/