ZENworks prompts you to change your ZENworks Certificate Authority (CA) 90 days before the expiration of the certificate. The following warning message is displayed for each administrator once every 24 hours after the administrator logs in to ZENworks Control Center:
The Zone CA will expire in number_of_days days.
The above warning message is displayed for each administrator for every login when the expiry is below five days.
To re-create the zone certificate before it expires, review the following scenarios:
IMPORTANT:If you do not change your zone certificate before it expires, the communication between Primary Servers and managed devices breaks down, and the managed devices fail to receive new assignments and policies. To reestablish the communication, you must re-create the certificate.
If you want to replace the internal or external server certificate of your Windows or Linux Primary Server, then you can choose to replace the certificate with a new internal server certificate.
If the current CA is internal, see Reminting the Certificate Authority or Changing the CA to Internal
in the ZENworks 11 SP4 SSL Management Reference.
If the current CA is external, see Changing the CA to Internal
in the ZENworks 11 SP4 SSL Management Reference.
(Conditional) If your zone includes Intel AMT devices, unprovision and provision the devices.
For more information about unprovisioning and provisioning Intel AMT devices, see Configuring Intel AMT Devices in Enterprise Mode
in the ZENworks 11 SP4 Out-of-Band Management Reference.
(Conditional) If multizone is configured, and the Publisher’s certificate is changed, then update the new certificate of this server for all its Subscribers. Perform the following to update the new certificate:
Log in to ZENworks Control Center (ZCC) of subscribers.
Navigate to Subscribe And Share > Subscriptions > <subscription_name> > Remote Server > Update Certificate.
Update the certificate.
If you want to replace the internal or external server certificate of your Windows or Linux Primary Server, then you can choose to replace the certificate with a new external server certificate.
To change the CA to external, see in Changing the CA to External
in the ZENworks 11 SP4 SSL Management Reference.
(Conditional) If your zone includes Intel AMT devices, unprovision and provision the devices.
For more information about unprovisioning and provisioning Intel AMT devices, see Configuring Intel AMT Devices in Enterprise Mode
in the ZENworks 11 SP4 Out-of-Band Management Reference.
(Conditional) If multizone is configured, and the Publisher’s certificate is changed, then update the new certificate of this server for all its Subscribers. Perform the following to update the new certificate:
Log in to ZENworks Control Center (ZCC) of subscribers.
Navigate to Subscribe And Share > Subscriptions > <subscription_name> > Remote Server > Update Certificate.
Update the certificate.