ZENworks prompts you to change your ZENworks zone certificate 90 days before the expiration of the certificate. The following warning message is displayed for each administrator once every 24 hours when the administrator logs in to ZENworks Control Center:
The certificate on hostname_of_the_device will expire in number_of_days days.
The message is displayed for every server and zone whose certificate is about to expire.
If you do not change your zone certificate before it expires, the communication between Primary Servers and managed devices breaks down, and the managed devices fail to receive new assignments and policies. To reestablish the communication, you have to re-create the certificate. ZENworks allows you to re-create the certificates in the following scenarios:
Changing the zone certificate from internal to external. For more information, see Section 4.1, Changing the Zone Certificate from Internal to External.
Replacing an internal server certificate with a new internal server certificate. For more information, see Section 4.2, Replacing an Internal Server Certificate with a New Internal Server Certificate.
Replacing an external server certificate with a new external server certificate issued by the same certificate authority. For more information, see Section 4.3, Replacing an External Server Certificate with a New External Server Certificate Issued by the Same Certificate Authority.
Replacing an external server certificate with a new external server certificate issued by a different certificate authority. For more information, see Section 4.4, Replacing an External Server Certificate with a New External Server Certificate Issued by a Different Certificate Authority.
You use the same procedure to re-create the certificates in all the scenarios.
Configure the Satellites with the renewed certificates by entering the following command at the console prompt of each Satellite in the zone:
zac iac -pk private-key.der -c signed-server_certificate.der -ca signing-authority-public-certificate.der -ks keystore.jks -ksp keystore-pass-phrase -a signed-cert-alias -ks signed-cert-passphrase -u username -p password -rc
For more information about zac, view the zac man page (man zac) on the device or see the ZENworks 11 SP3 Command Line Utilities Reference.
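Before importing a renewed certificate with the command above, it can help to confirm that the three DER files belong together and that the new certificate is not already inside the 90-day warning window. The following script is an added example, not part of ZENworks or its documentation. The function name check_iac_inputs is hypothetical, and the script assumes that the openssl command-line tool is installed and that the private key is an unencrypted DER file.

```shell
#!/bin/sh
# Added example (not part of ZENworks): pre-flight checks on the DER files
# that will be passed to "zac iac -pk ... -c ... -ca ...".
# Assumptions: the openssl CLI is installed and the private key is an
# unencrypted DER file. check_iac_inputs is a hypothetical helper name.

WARN_DAYS=90   # the window in which ZENworks starts warning about expiry

# Usage: check_iac_inputs private-key.der server-cert.der ca-cert.der
# Returns 0 = ready, 1 = inside the warning window, 2 = unreadable input,
#         3 = key/cert mismatch, 4 = expired, 5 = not issued by the CA.
check_iac_inputs() {
    key=$1; cert=$2; ca=$3; rc=0
    tmp=$(mktemp -d) || return 2
    # Work on PEM copies so every later openssl call sees one format.
    if ! openssl x509 -inform DER -in "$cert" -out "$tmp/cert.pem" 2>/dev/null ||
       ! openssl x509 -inform DER -in "$ca" -out "$tmp/ca.pem" 2>/dev/null; then
        echo "FAIL: server or CA certificate is not a readable DER certificate"; rc=2
    # -passin pass: stops openssl from prompting if the key is encrypted.
    elif ! key_pub=$(openssl pkey -inform DER -in "$key" -passin pass: -pubout 2>/dev/null); then
        echo "FAIL: private key is not a readable, unencrypted DER key"; rc=2
    elif [ "$key_pub" != "$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey)" ]; then
        echo "FAIL: private key does not match the server certificate"; rc=3
    elif ! openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null; then
        echo "FAIL: server certificate has already expired"; rc=4
    # -partial_chain lets an intermediate CA file act as the trust anchor.
    elif ! openssl verify -partial_chain -CAfile "$tmp/ca.pem" "$tmp/cert.pem" >/dev/null 2>&1; then
        echo "FAIL: server certificate was not issued by the supplied CA"; rc=5
    elif ! openssl x509 -in "$tmp/cert.pem" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null; then
        echo "WARN: server certificate expires within $WARN_DAYS days"; rc=1
    else
        echo "OK: key matches, issuer verifies, more than $WARN_DAYS days left"
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Run the check when called with the three file names.
if [ "$#" -eq 3 ]; then check_iac_inputs "$@"; fi
```

The script only reads the files and writes temporary PEM copies of the two certificates, which it deletes before returning.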
The information provided in this section is applicable for Windows and Linux platforms.
IMPORTANT: ZENworks 11 SP3 currently does not support changing the external certificate to an internal certificate on Primary Servers.