14.1 Generating a Certificate Signing Request (CSR)

For each Linux server where you will install the ZENworks Primary Server software, you need to create an individual server certificate with the subject being the server’s Fully Qualified Domain Name (FQDN).

  1. Install OpenSSL.

  2. To generate a private key that is needed to create a certificate signing request (CSR), enter the following command:

    openssl genrsa -out zcm.pem 2048
  3. To create a CSR that can be signed by the external Certificate Authority, enter the following command:

    openssl req -new -key zcm.pem -out zcm.csr

    When you are asked for “YOUR name,” enter the full DNS name assigned to the server where you are installing the Primary Server software domain names include www.company.com, payment.company.com and contact.company.com.

  4. To convert the private key from PEM format to DER format, enter the following command:

    openssl pkcs8 -topk8 -nocrypt -in zcm.pem -inform PEM -out zcmkey.der -outform DER

    The private key must be in the PKCS8 DER format. You can use the OpenSSL command line tool to convert your keys to the proper format. This tool can be obtained as part of the Cygwin toolkit, or as part of your Linux distribution.

  5. Use the CSR and generate a certificate by using Novell ConsoleOne, Novell iManager or a true external CA such as Verisign.