During the installation of ZCM10 you’re asked if you want to use an external CA (Certificate Authority) of an internal CA. If you’re using an internal CA it’s important to backup the CA certificate in case you lose the server that is the CA for your ZCM zone. If you lose your CA all the certificates signed by this CA are worthless. That isn’t a nice thing in a ZCM environment where almost all the communication is encrypted through SSL!
So the first thing to do after the installation of the first primary ZCM server is to backup the CA. You can accomplish this by entering the command:
zman certificate-authority-export [path and file name]
You’re prompted for a username and password who has the right for exporting the certificate (mostly Administrator) and a passphrase for securing the file.
This passphrase has to have a minimum lenght of 10 characters. Please store this passphrase in a secure location. If you lose this passphrase the exported CA file is worthless because you need this passphrase to import the certificate.
Importing the certificate is done by entering the command:
zman certificate-authority-import [path and file name]
Again you’re prompted for a username and password who has the right for importing the certificate as the passphrase.
More blog articles on Novell and VMware: http://blog.wilmsenit.nl
Editor’s Note: For additional information, see Backing Up and Restoring the ZENworks Server and Certificate Authority in the ZENworks documentation.