35.3 Replacing an External Server Certificate with a New External Server Certificate Issued by the Same Certificate Authority

  1. Before replacing an external server certificate with a new external server certificate that is issued by the same certificate authority, take a reliable backup of the following on all Primary Servers in the Management Zone:

    • Content-Repo Directory: By default, the content-repo directory is located in the ZENworks_installation_directory\work directory on Windows and in the /var/opt/novell/zenworks/ directory on Linux.

      Ensure that the images directory located within the content-repo directory has been successfully backed up.

    • Certificate Authority: For detailed information on how to back up the certificate authority, see Section 32.3, Backing Up the Certificate Authority.

    • Embedded Database: For detailed information on how to back up the embedded database, see Section 29.3, Backing Up the Embedded Sybase SQL Anywhere Database.

  2. Create a certificate signing request (CSR) by providing the hostname of the Primary Server as the subject.

    For more information on how to create a CSR, see Creating an External Certificate in the ZENworks 11 Server Installation Guide.

  3. At the console prompt of a Primary Server, run the following command:

    zman sacert Path_of_the_Primary_Server_in_ZENworks_Control_Center Path_of_Primary_Server_Certificate

    For more information about zman, view the zman man page (man zman) on the device or see zman(1) in the ZENworks 11 Command Line Utilities Reference.

    This adds the certificate of the Primary Server that you specified in the command to the ZENworks database and certificate store.

    NOTE: You must run the command for each device whose certificate you want to replace.

  4. Refresh all the devices, including the Primary Servers, in the zone.

    The Primary Server certificates that were imported in Step 3 are sent to the devices as configuration data.

  5. Enforce the new certificates on the zone by running the following command at the console prompt of each Primary Server in the zone:

    novell-zenworks-configure -c SSL -Z

    Follow the prompts.

  6. Restart all the ZENworks services on all the Primary Servers in the zone by running the following command at the console prompt of each Primary Server in the zone:

    novell-zenworks-configure -c Start

    By default, all the services are selected. You must select Restart as the Action.

  7. Refresh all the devices, including the Primary Servers, in the zone.

    If any device is not reachable during the refresh, you must first establish a connection with the device, then run the following command at the console prompt of each device to reestablish the trust between the device and the zone:

    zac retr -u zone_administrator_username -p zone_administrator_password

  8. Re-create all the default and custom deployment packages for all the Primary Servers:

    • Default Deployment Packages: At the console prompt of each Primary Server in the zone, enter the following command:

      novell-zenworks-configure -c CreateExtractorPacks -Z

    • Custom Deployment Packages: At the console prompt of each Primary Server in the zone, enter the following command:

      novell-zenworks-configure -c RebuildCustomPacks -Z

NOTE: Because ZENworks and ZENworks Reporting Server use the same certificate, the ZENworks Reporting Server Tomcat server must be configured when the ZENworks certificate is changed. For information on how to configure the ZENworks Reporting Server, see Section 35.5, Configuring the ZENworks Reporting Server Tomcat Server When the ZENworks Certificate Changes.
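
A pre-flight check that can be run on the certificate returned by the CA before it is imported in Step 3, given here as an added example that is not part of the ZENworks documentation. It uses only standard openssl commands; the function names, script name and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ZENworks documentation): pre-flight check of a
# replacement certificate. Function and file names are hypothetical.
# Usage: sh check_cert.sh OLD_CERT NEW_CERT CA_CERT CSR HOSTNAME

# Print one field (for example commonName) of a certificate's subject.
cert_field() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n "s/^ *$2 *= //p"
}

check_replacement_cert() {
    old=$1 new=$2 ca=$3 csr=$4 host=$5 fail=0

    # 1. Same CA: the issuer DN must be unchanged from the current certificate.
    old_issuer=$(openssl x509 -in "$old" -noout -issuer -nameopt RFC2253)
    new_issuer=$(openssl x509 -in "$new" -noout -issuer -nameopt RFC2253)
    if [ "$old_issuer" != "$new_issuer" ]; then
        echo "FAIL: issuer changed: $new_issuer" >&2; fail=1
    fi

    # 2. Signature and validity period must verify against the CA certificate
    #    (pass a bundle file if the CA uses intermediate certificates).
    if ! openssl verify -CAfile "$ca" "$new" >/dev/null 2>&1; then
        echo "FAIL: $new does not verify against $ca" >&2; fail=1
    fi

    # 3. The subject CN must be the Primary Server hostname given in the CSR.
    cn=$(cert_field "$new" commonName)
    if [ "$cn" != "$host" ]; then
        echo "FAIL: subject CN '$cn' is not '$host'" >&2; fail=1
    fi

    # 4. The certificate must carry the public key from the CSR made in Step 2.
    new_pub=$(openssl x509 -in "$new" -noout -pubkey)
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    if [ "$new_pub" != "$csr_pub" ]; then
        echo "FAIL: public key differs from the CSR" >&2; fail=1
    fi

    [ "$fail" -eq 0 ] && echo "OK: $new is ready to import for $host"
    return "$fail"
}

if [ "$#" -eq 5 ]; then
    check_replacement_cert "$@"
fi
```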