Blog Entry

ZCM and Certificates

Author Info

30 November 1999 - 12:00am
Submitted by: aphilp

When you install ZENworks Configuration Management, one of the first choices you are asked to make is whether to use an internal or external Certificate Authority.

 

The managed agent uses .NET code to communicate via TLS with the ZCM server. Installation of the managed agent automatically adds the server's CA (Certificate Authority) certificate to the client's local machine trusted root certificate store.

The main sticking point I see with DNS is making sure that the URL used to connect to the Primary Server uses the same DNS name as the server itself. So long as the CA has signed the cert of the Primary Server (performed during the Primary Server install) and the DNS name used to connect matches the server's cert exactly, all's well with the world.

If you want to connect using different IP/DNS names, such as in a NAT environment, there are ways around those problems. Firstly, you can populate “Additional DNS names” and “Non-detectable IP addresses” to tell the Primary Server about other connection methods. Secondly, you can tell the client to ignore name matching with a reg key. Is that what you went with?



© 2009 Novell, Inc. All Rights Reserved.