11.4 Replacing the Internal Certificate with a new Internal Certificate on the Primary Servers

If the internal server certificate of your Windows or Linux Primary Server has expired or if the server certificate key pair has been compromised, you can choose to replace the certificate with a new internal server certificate.

  1. Before replacing an internal server certificate with a new internal server certificate, take a reliable backup of the following on all Primary Servers in the Management Zone:

    • Content-Repo Directory: The content-repo directory is located by default in the ZENworks_installation_directory\work directory on Windows and in the /var/opt/novell/zenworks/ on Linux. Ensure that the images directory located within the content-repo directory has been successfully backed up

    • Certificate Authority: For detailed information on how to back up the certificate authority, see Section 10.3, Backing Up the Certificate Authority.

    • Embedded Database: For detailed information on how to back up the database, Section 33.3, Backing Up the Embedded Sybase SQL Anywhere Database.

  2. Reconfigure the certificate on the Primary Server whose certificate has expired by entering the following command at the server’s command prompt:

    novell-zenworks-configure -c SSL -Z

    Follow the prompts.

  3. Restart all the ZENworks services by running the following command:

    novell-zenworks-configure -c Start

    By default, all the services are selected. You must select the Restart action.

  4. On the managed device and the Satellite Server, run the zac unr -f command to locally unregister, and then run the reg https://<server url>:port command, to register back to same server with the new certificate.

  5. On the agent of the Primary Server, run the zac cc command to clear the cache, and then run the zac reg https://<server url>:<port> command to register back with new certificate.

  6. Re‐create all the default and custom deployment packages.

    Default Deployment Packages: At the server’s command prompt, enter the novell-zenworks-configure -c CreateExtractorPacks -Z command.

    Custom Deployment Packages: At the server’s command prompt, enter the novell-zenworks-configure -c RebuildCustomPacks -Z command.

  7. Configure the Authentication Satellites with the new certificates by entering the zac asr -t all -u Administrator -p password command at the Satelliteʹs prompt.

    This applies to both Windows and Linux devices.