ZCM installation ERROR: SSL Certificate used in authentication does not match certificates provided

  • 7002165
  • 11-Dec-2008
  • 27-Apr-2012

Environment

Microsoft Windows Server 2003
Novell ZENworks 10 Configuration Management with Support Pack 1 - 10.1
Novell ZENworks 10 Configuration Management with Support Pack 1 - 10.1 Installation - Server

Situation

Error is received during installation when attempting to add server to a zone.  At the point where the external certificates are chosen and the user clicks on the next button, the error is immediately presented.

ERROR: SSL Certificate used in authentication does not match certificates provided

Resolution

This is fixed in version 10.2 - see KB 7003225 "ZENworks Configuration Management SP2 (10.2)" which can be found at https://www.novell.com/support

WORKAROUND:

Create a silent install by following the procedure below: 
  1. Run the ZCM installation with the silent install switch: setup.exe -s
  2. When prompted to authenticate to the first primary server, select to not use SSL.
  3. Enter the rest of the silent install options as desired in order to authenticate to the first primary server.
  4. Select the location to which you should save the silentinstall.properties file.
  5. Open up the silentinstall.properties file with an editor like wordpad (Note: the value of variable PRIMARY_SERVER_CERT needs to be the .pem format of the first Primary Servers signed certificate. Remove all the hard returns for the certificate.)
  6. Set the following variables in the properties file:

    ADMINISTRATOR_PASSWORD=<your password>
    PRIMARY_SERVER_USE_SSL=true

    PRIMARY_SERVER_CERT=-----BEGIN CERTIFICATE-----MIA84...-----ENDCERTIFICATE-----

    (Note: the value of variable PRIMARY_SERVER_CERT needs to be the .pem format of the first Primary Servers signed certificate. Remove all the hard returns for the certificate.)

    SSL_CERT_FILE=C:\\path\\to\\ssl\\certs\\this_server_public_cert.der
    SSL_PRIVATE_KEY_FILE=C:\\path\\to\\ssl\\certs\\this_server_private_key.der
    ROOT_CA_CERT_FILE=C:\\path\\to\\ssl\\certs\\first_primary_server_cert.der

  7. Configure the rest of the silentinstall.properties file as needed.
  8. Start the silent install: setup.exe -s -f silentinstall.properties

Additional Information

The problem occurs during the install if the signed certificate is already trusted. In this case the first primary certificate is not stored to be used in a comparison operation with the user inputted external certificate.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.