ZEN 11 Certificate Authority

psloat · ‎2011-04-14

Hi All,

I have two primary zen 11 servers and I was wondering if its possible to generate a CSR from each primary server so that I can give each server a signed cert from my NDS CA? I want to avoid the SSL browser issues from self-signed certs when browsing to the ZCC and such.

If I cannot us my NDS CA as the cert signer, is there a way to give each server an externally signed cert?

CRAIGDWILSON · ‎2011-04-15

There should not be any Browser errors going to your ZCC servers if your
DNS is correct.

On 4/14/2011 6:36 PM, psloat wrote:
>
> Hi All,
>
> I have two primary zen 11 servers and I was wondering if its possible
> to generate a CSR from each primary server so that I can give each
> server a signed cert from my NDS CA? I want to avoid the SSL browser
> issues from self-signed certs when browsing to the ZCC and such.
>
> If I cannot us my NDS CA as the cert signer, is there a way to give
> each server an externally signed cert?
>
>

--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!

nop19832 · ‎2011-04-15

If you used a internal CA from the first primary, then would you not get a certificate error or warning if your browser don't trust it?

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.

theflyingcorpse · ‎2011-04-15

If you are on a computer with the CA pub cert installed, and you use the FQDN to reach the server, there should not be any warnings about certificate.
Or use FireFox to permanently avoid it on a per-server basis (Not FireFox 4, not supported with the addins until SP1, such as group policies and fileupload)

nop19832 · ‎2011-04-15

Yep, we havn't installed the cert on all our pc's, only a few people who uses the ZCC. So if a lot of people needs to use the page (or some of the other pages) it would of course be a good idea to install it more general 😉

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.

psloat · ‎2011-04-25

I figured it out. I used the the following articles from the ZENworks 11 Installation Guide and Administration Reference:

Creating an External Certificate (Installation Guide):
Novell Documentation

Changing the Zone Certificate from Internal to External (Administration Reference):
Novell Documentation

nop19832 · ‎2011-04-26

Great, yes thats a possiple solution to this 😉

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.

Install

ZCM11