ZENworks uses SSL certificates to protect & authenticate communications across the ZENworks management Zone. ZENworks provides you option to either use an internal ZENworks Certificates Authority (CA) or an external Certificate Authority (CA). Each Primary Server and Authentication Satellite Server has a signed certificate. These CA certificates are distributed to all the managed devices in the zone during agent installation that enables them to connect to servers in the zone.
Manually managing these SSL certificates is not the easiest of the tasks in the world. You need to know the certificate authority that issued the Zone certificate/server certificates, Certificate Status, validity period of the certificate, key strength of the certificate, expiry date of the certificate. In addition, you also need to be notified on soon-to-expire zone certificate or any of the server certificates, on receiving notifications you need easier means to replace expiring certificates or compromised certificates, automatically distributed the new certificates to all the managed devices in the zone or you need an option to change your CA from one to another based on your organization policies.
Note that ZENworks 11 SP4 shall be released in next few weeks.
ZENworks 11 SP4 provides a simplified user interface(ZCC) to manage SSL certificates by enabling the administrator to perform the below operations and most of these operations can be performed in less than two steps.
The below ZCC's certificate management page shows how you can easily perform any of the above mentioned operations by click of a button.
Click here to see more details into each of these operations.
In case your CA has already expired, then the new certificate activation time shall be automatically labelled as Immediate and a standalone certificate remint tool shall be created in the ZENworks-setup page. In this scenario there shall no communication between devices and servers in the zone as the certificate has expired and you need to manually use this tool to update the certificates on all devices.