Problem changing Certificate on satellite servers
Last month we decided to move to external CA from internal. After importing the external root CA, I have generated CRS-s with ZENworks built-in CSR generator (Configuration/Certificates) for 2 primary and 3 satellite servers. I've signed all 5 CSR-s, and imported them via ZCC.
No issues with the primary servers, everything went fine, however the satellites.. I can see that the certificates have been uploaded, however the update status is still "Waiting For Certificate". I've tried refreshing the satellites multiple times, no luck..
The satellites have authentication roles assigned, so after checking the documentation I tried using the zac iac -pk /tmp/key.der -c /tmp/vm-zcm-proxy1.der -ca ca.der -rc command on the satellite servers. As a result I get the following error code: The registered zone's certificate authority does not match the specified certificate authority certificate. The expected certificate authority is "vm-zcm-app01.npsh.hu",
but the specified certificate authority is "DigiCert Assured ID Root CA".
I'm clearly doing something wrong, but I can't figure out what. It seems to me, that the satellites did not even recieve the CA change update correctly, since it is still referring to the old internal CA..
Thank you in advance.