When installing the v2.0 .NET redist package, you'll find that the .Net Configuration MMC snap-in is missing. As of v2.0, we've moved this tool to the SDK package, which you can download here: [x86] [x64] [IA64].
The split of security tools between the redist and SDK is:
- .NET Configuration Snapin
Incidentally, the CLR team doesn't own CertMgr, MakeCert, or SignTool even though they ship in the SDK.