I’ve mentioned before that there is a benefit to using MP replicas in CM07/CM12. The primary site isn’t nagged by every single client’s policy requests directly (so you can scale better) and you get more uptime. If the primary site goes down, your clients can still get policy and still upload inventory and metering data.
Setting up a replica for MPs is much easier in CM12 than in CM07 because Microsoft gives us a stored procedure to run which not only creates the publication on the primary, but also sets the permissions on it correctly.
Microsoft’s wording about generating the cert for the MP is odd. Because you COULD install the replica on a middleman box and then point all your MPs to it, they keep talking about the database replica server instead of just saying "the MP." But don’t ever do it that way. Install SQL on the MP (the license is already included as this is a CM role) and create a replica on the MP. If you just offloaded the replica to another server and told all MPs to use that remote server, you only get the benefit of alleviating pressure on the primary site, but you get nothing for redundancy. If that one replica goes down, your MP will be useless.
So to clarify, you just run the PowerShell command on the MP and don’t need to import anything. If you think you are supposed to run it on the primary, export it and import it to the MP, you are wrong. You’ll just get a bunch of schannel errors in the event log and you’ll get error 500 on your MPLIST tests. And the mpcontrol log will reflect the same error.
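The symptoms described above (schannel errors in the event log, error 500 on the MPLIST test) can be checked from the MP itself. The script below is an added example, not code from the original post or from Microsoft's procedure. It assumes the MP answers over HTTP on its own FQDN and that the generated certificate sits in the local computer's Personal store; the parameter names and the 24-hour window are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the management point.
# $MpFqdn and $HoursBack are illustrative defaults, not values from the post.
param(
    [string]$MpFqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [int]   $HoursBack = 24
)

# 1. Schannel errors in the System event log (Level 2 = Error).
#    Get-WinEvent reports "no events found" as an error, so silence it.
$schannel = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Schannel'
    Level        = 2
    StartTime    = (Get-Date).AddHours(-$HoursBack)
} -ErrorAction SilentlyContinue)

# 2. MPLIST test. A broken MP-to-replica connection shows up as HTTP 500.
$uri = "http://$MpFqdn/sms_mp/.sms_aut?mplist"
try {
    $status = [int](Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 30).StatusCode
} catch {
    # Non-2xx answers throw; recover the status code from the response if there is one.
    $resp   = $_.Exception.Response
    $status = if ($resp) { [int]$resp.StatusCode } else { -1 }   # -1 = no HTTP answer
}

# 3. Certificates in the computer's Personal store (assumed location).
#    A certificate generated on the MP itself has its private key here.
$certs = Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, FriendlyName, HasPrivateKey, NotAfter, Thumbprint

[pscustomobject]@{
    ManagementPoint = $MpFqdn
    SchannelErrors  = $schannel.Count
    LatestSchannel  = ($schannel | Select-Object -First 1).Message
    MpListStatus    = $status
    Healthy         = ($schannel.Count -eq 0 -and $status -eq 200)
} | Format-List

$certs | Format-Table -AutoSize
```

A `MpListStatus` of 500 together with a non-zero `SchannelErrors` count matches the failure described above; compare the certificate list against the MP where the command was actually run.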