Highlighted
Absent Member.
Absent Member.
867 views

Re-Creating Certificates - Will my Agents stop working?

In reference to the following:

Novell Documentation
http://forums.novell.com/novell-product-discussions/endpoint-management/zenworks/configuration-management/zcm-11/zcm11-remote-management/460670-remote-management-problems-due-microsoft-patch.html

I need to replace my 512bit certificates with 1024bit or greater certificates. I don't see a problem doing this on my Primary and Satellite servers, but will my managed device agents stop communicating once I replace the certificates on the Primary and Satellite servers?

If my managed devices will keep communicating then I can build a bundle to script the following:
zac unr -f
zac cc
delete <ZENworks_installation_directory>\Novell\ZENworks\cache\zmd\ /s
zac reg https://SERVER.FQDN:443

This would be a big problem if I have to manually do this to all of my users machines.

Thanks
Labels (2)
0 Likes
5 Replies
Highlighted
Absent Member.
Absent Member.

Re: Re-Creating Certificates - Will my Agents stop working?

I am wondering if you could just create an AutoIT script that would provide the managed device with the correct Administrative rights and each step so that the process would be seamless to the end user. You can compile the script into an EXE that could be deployed either by login script or bundle and run independent of ZCM. I have done this in the past with a progress bar providing each step to the end user.

Richard
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Re-Creating Certificates - Will my Agents stop working?

That would only be necessary if the process did not go as planned.
There are steps, which I have never done myself, which allow you to
import a cert to be used in the future that will be pushed to devices
and then at a point in the future use the new cert.

This is really the process you would want to use if possible, i believe.

However, I never give details on doing certs in the forums since getting
it wrong is a nasty thing.

On 3/13/2013 10:06 PM, rhuhman wrote:
>
> I am wondering if you could just create an AutoIT script that would
> provide the managed device with the correct Administrative rights and
> each step so that the process would be seamless to the end user. You can
> compile the script into an EXE that could be deployed either by login
> script or bundle and run independent of ZCM. I have done this in the
> past with a progress bar providing each step to the end user.
>
> Richard
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Re-Creating Certificates - Will my Agents stop working?

Is there any documentation on this then, or should I open a support ticket?
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Re-Creating Certificates - Will my Agents stop working?

Looks like I can use this command: zman server-add-certificate

C:\Documents and Settings\Administrator>zman server-add-certificate --help

server-add-certificate: Adds a second valid certificate for a server in preparation for replacing a certificate that is about to expire.

Can anyone confirm??

http://www.novell.com/communities/node/12649/zenworks-managing-expired-certificates
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Re-Creating Certificates - Will my Agents stop working?

Contacted Novell and they supplied me with the following link: Support | Devices cannot communicate after applying MS update 2661254
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.