psloat

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-14
23:18
3927 views
ZEN 11 Certificate Authority
Hi All,
I have two primary zen 11 servers and I was wondering if its possible to generate a CSR from each primary server so that I can give each server a signed cert from my NDS CA? I want to avoid the SSL browser issues from self-signed certs when browsing to the ZCC and such.
If I cannot us my NDS CA as the cert signer, is there a way to give each server an externally signed cert?
I have two primary zen 11 servers and I was wondering if its possible to generate a CSR from each primary server so that I can give each server a signed cert from my NDS CA? I want to avoid the SSL browser issues from self-signed certs when browsing to the ZCC and such.
If I cannot us my NDS CA as the cert signer, is there a way to give each server an externally signed cert?
6 Replies
CRAIGDWILSON

Micro Focus Expert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-15
03:21
There should not be any Browser errors going to your ZCC servers if your
DNS is correct.
On 4/14/2011 6:36 PM, psloat wrote:
>
> Hi All,
>
> I have two primary zen 11 servers and I was wondering if its possible
> to generate a CSR from each primary server so that I can give each
> server a signed cert from my NDS CA? I want to avoid the SSL browser
> issues from self-signed certs when browsing to the ZCC and such.
>
> If I cannot us my NDS CA as the cert signer, is there a way to give
> each server an externally signed cert?
>
>
--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
DNS is correct.
On 4/14/2011 6:36 PM, psloat wrote:
>
> Hi All,
>
> I have two primary zen 11 servers and I was wondering if its possible
> to generate a CSR from each primary server so that I can give each
> server a signed cert from my NDS CA? I want to avoid the SSL browser
> issues from self-signed certs when browsing to the ZCC and such.
>
> If I cannot us my NDS CA as the cert signer, is there a way to give
> each server an externally signed cert?
>
>
--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
nop19832

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-15
05:13
If you used a internal CA from the first primary, then would you not get a certificate error or warning if your browser don't trust it?
-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
theflyingcorpse

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-15
06:10
If you are on a computer with the CA pub cert installed, and you use the FQDN to reach the server, there should not be any warnings about certificate.
Or use FireFox to permanently avoid it on a per-server basis (Not FireFox 4, not supported with the addins until SP1, such as group policies and fileupload)
Or use FireFox to permanently avoid it on a per-server basis (Not FireFox 4, not supported with the addins until SP1, such as group policies and fileupload)
nop19832

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-15
07:30
Yep, we havn't installed the cert on all our pc's, only a few people who uses the ZCC. So if a lot of people needs to use the page (or some of the other pages) it would of course be a good idea to install it more general 😉
-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
psloat

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-25
22:09
I figured it out. I used the the following articles from the ZENworks 11 Installation Guide and Administration Reference:
Creating an External Certificate (Installation Guide):
Novell Documentation
Changing the Zone Certificate from Internal to External (Administration Reference):
Novell Documentation
Creating an External Certificate (Installation Guide):
Novell Documentation
Changing the Zone Certificate from Internal to External (Administration Reference):
Novell Documentation
nop19832

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2011-04-26
11:50
Great, yes thats a possiple solution to this 😉
-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.