ZENworks Primary Servers communicate with ZENworks managed devices using the HTTPS protocol. This secure communication requires that the ZENworks Management Zone have a defined Certificate Authority (CA) and that each Primary Server have its own server certificate issued by the zone's CA.
ZENworks includes an internal ZENworks CA. If you use the internal ZENworks CA, it is created during installation of the first Primary Server. Each subsequent Primary Server you install is issued a certificate signed by the ZENworks CA.
We recommend that you use the internal ZENworks CA unless your corporate security policies do not allow you to do so. The internal ZENworks CA lasts 10 years and simplifies use of various ZENworks features such as Remote Management.
If you cannot use the internal ZENworks CA, you can use an external CA and provide external server certificates for each Primary Server you install.
NOTE:If you plan to configure Kafka or Vertica in your zone, then ensure that two-way SSL is enabled for the server certificate issued by an external CA. For more information on Kafka or Vertica, see ZENworks Vertica Guide.
See the following sections for detailed instructions on using external certificates: