Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
lpusztai
Visitor.
105 views

Problem changing Certificate on satellite servers

Hi everyone!

Last month we decided to move to external CA from internal. After importing the external root CA, I have generated CRS-s with ZENworks built-in CSR generator (Configuration/Certificates) for 2 primary and 3 satellite servers. I've signed  all 5 CSR-s, and imported them via ZCC.

No issues with the primary servers, everything went fine, however the satellites..  I can see that the certificates have been uploaded, however the update status is still "Waiting For Certificate". I've tried refreshing the satellites multiple times, no luck..

The satellites have authentication roles assigned, so after checking the documentation I tried using the zac iac -pk /tmp/key.der -c /tmp/vm-zcm-proxy1.der -ca ca.der -rc command on the satellite servers. As a result I get the following error code: The registered zone's certificate authority does not match the specified certificate authority certificate. The expected certificate authority is "vm-zcm-app01.npsh.hu",
but the specified certificate authority is "DigiCert Assured ID Root CA".

I'm clearly doing something wrong, but I can't figure out what. It seems to me, that the satellites did not even recieve the CA change update correctly, since it is still referring to the old internal CA..

Thank you in advance.

Labels (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.