7.1 Generating a Certificate Signing Request (CSR)

For each Windows server where you will install the ZENworks Primary Server software, you need to create an individual server certificate with the subject being the server’s Fully Qualified Domain Name (FQDN).

  1. Install OpenSSL.

  2. To generate a private key that is needed to create a certificate signing request (CSR), enter the following command:

    openssl genrsa -out zcm.pem 2048
  3. To create a CSR that can be signed by a Certificate Authority, enter the following command:

    openssl req -new -key zcm.pem -out zcm.csr

    When you are asked for “YOUR name,” enter the full DNS name assigned to the server where you are installing the Primary Server software domain names include www.company.com, payment.company.com and contact.company.com.

  4. To convert the private key from PEM format to the DER encoded format, enter the following command:

    openssl pkcs8 -topk8 -nocrypt -in zcm.pem -inform PEM -out zcmkey.der -outform DER

    The private key must be in the PKCS8 DER encoded format. You can use the OpenSSL command line tool to convert your keys to the proper format.

  5. Use the CSR to generate a certificate by using ConsoleOne, iManager, or a true external CA such as Verisign.

    If you are using a true external CA such as Verisign, refer to Verisign for information about using the CSR to generate a certificate. If you are using ConsoleOne or iManager as your Certificate Authority, instructions are provided in the following sections: