SSL Certificates Management - Easy Peasy with ZENworks 11 SP4
ZENworks uses SSL certificates to protect & authenticate communications across the ZENworks management Zone. ZENworks provides you option to either use an internal ZENworks Certificates Authority (CA) or an external Certificate Authority (CA). Each Primary Server and Authentication Satellite Server has a signed certificate. These CA certificates are distributed to all the managed devices in the zone during agent installation that enables them to connect to servers in the zone.
Manually managing these SSL certificates is not the easiest of the tasks in the world. You need to know the certificate authority that issued the Zone certificate/server certificates, Certificate Status, validity period of the certificate, key strength of the certificate, expiry date of the certificate. In addition, you also need to be notified on soon-to-expire zone certificate or any of the server certificates, on receiving notifications you need easier means to replace expiring certificates or compromised certificates, automatically distributed the new certificates to all the managed devices in the zone or you need an option to change your CA from one to another based on your organization policies.
ZENworks 11 SP4 makes it really easy to take control of SSL Certificates in your Zone.
Note that ZENworks 11 SP4 shall be released in next few weeks.
ZENworks 11 SP4 provides a simplified user interface(ZCC) to manage SSL certificates by enabling the administrator to perform the below operations and most of these operations can be performed in less than two steps.
- View Zone CA Certificate, Primary & Authentication Satellite Certificates
- Get notifications on expiring certificate
- Remint expiring/already expired/or compromised Zone CA certificates or any selected server certificate
- Change from one Certificate Authority to another
- Define the new certificate activation schedule
- Option to cancel remint or change CA operation
- Generate & Download CSRs if you are using an external CA
- Automatically deploy new CA certificates to all managed devices in the zone via System Update
If you are using internal ZENworks CA, you also have an option to perform the below operations
- Backup your CA files
- Restore the earlier backed-up CA files
- Move CA from one primary server to another primary server in situations where you may want to bring down the CA server for maintenance or to replacing an old server with a new one etc
The below ZCC's certificate management page shows how you can easily perform any of the above mentioned operations by click of a button.
Click here to see more details into each of these operations.
In case your CA has already expired, then the new certificate activation time shall be automatically labelled as Immediate and a standalone certificate remint tool shall be created in the ZENworks-setup page. In this scenario there shall no communication between devices and servers in the zone as the certificate has expired and you need to manually use this tool to update the certificates on all devices.