Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.

SSL Certificates Management - Easy Peasy with ZENworks 11 SP4

SSL Certificates Management - Easy Peasy with ZENworks 11 SP4

Certificates

ZENworks uses SSL certificates to protect & authenticate communications across the ZENworks management Zone. ZENworks provides you option to either use an internal ZENworks Certificates Authority (CA) or an external Certificate Authority (CA). Each Primary Server and Authentication Satellite Server has a signed certificate. These CA certificates are distributed to all the managed devices in the zone during agent installation that enables them to connect to servers in the zone.

Manually managing these SSL certificates is not the easiest of the tasks in the world. You need to know the certificate authority that issued the Zone certificate/server certificates, Certificate Status, validity period of the certificate, key strength of the certificate, expiry date of the certificate. In addition, you also need to be notified on soon-to-expire zone certificate or any of the server certificates, on receiving notifications you need easier means to replace expiring certificates or compromised certificates, automatically distributed the new certificates to all the managed devices in the zone or you need an option to change your CA from one to another based on your organization policies.

ZENworks 11 SP4 makes it really easy to take control of SSL Certificates in your Zone.


Note that ZENworks 11 SP4 shall be released in next few weeks.

Operations

 

ZENworks 11 SP4 provides a simplified user interface(ZCC) to manage SSL certificates by enabling the administrator to perform the below operations and most of these operations can be performed in less than two steps.

  • View Zone CA Certificate, Primary & Authentication Satellite Certificates

  • Get notifications on expiring certificate

  • Remint expiring/already expired/or compromised Zone CA certificates or any selected server certificate

  • Change from one Certificate Authority to another

  • Define the new certificate activation schedule

  • Option to cancel remint or change CA operation

  • Generate & Download CSRs if you are using an external CA

  • Automatically deploy new CA certificates to all managed devices in the zone via System Update


Remint-Change

If you are using internal ZENworks CA, you also have an option to perform the below operations

  • Backup your CA files

  • Restore the earlier backed-up CA files

  • Move CA from one primary server to another primary server in situations where you may want to bring down the CA server for maintenance or to replacing an old server with a new one etc


Backup-Restore-Move

The below ZCC's certificate management page shows how you can easily perform any of the above mentioned operations by click of a button.

ZCC-Certificates

Click here to see more details into each of these operations.

In case your CA has already expired, then the new certificate activation time shall be automatically labelled as Immediate and a standalone certificate remint tool shall be created in the ZENworks-setup  page. In this scenario there shall no communication between devices and servers in the zone as the certificate has expired and you need to manually use this tool to update the certificates on all devices.

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2015-07-15 20:14
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.