ZENworks Primary Servers communicate with ZENworks managed devices using the HTTPS protocol. This secure communication requires that the ZENworks Management Zone have a defined Certificate Authority (CA) and that each Primary Server have its own server certificate issued by the zone's CA.
ZENworks includes an internal ZENworks CA. If you use the internal ZENworks CA, it is created during installation of the first Primary Server. Each subsequent Primary Server you install is issued a certificate signed by the ZENworks CA.
We recommend that you use the internal ZENworks CA unless your corporate security policies do not allow you to do so. The internal ZENworks CA lasts 10 years and simplifies use of various ZENworks features such as Remote Management. The certificate validity should be between 1 and 10 years. If you plan to use the server as an MDM server, then to ensure communication with iOS and Mac devices, the certificate validity should not exceed 2 years.
If you cannot use the internal ZENworks CA, you can use an external CA and provide external server certificates for each Primary Server you install. See the following sections for detailed instructions on using external certificates: