- Create a zone with external Certificate Authority, with zone Certificate Authority entity called, for example, "Zone CA "
- Create a key pair for "Subordinate CA " entity having Certificate Authority basic constraint and key usage as Certificate Signing.
Sign it using "Zone CA "
- Create a key pair for authenticate satellite, say "Auth Satellite " with Digital Signature and Key Encipherment capability.
Sign it using "Subordinate CA ".
- On a Linux device, attempt to import the "Auth Satellite " via zac iac .
ERROR: The specified server certificate is not signed by the appropriate authority. The Authentication Satellite Server's certificate should be issued by " Zone CA", but the specified certificate is issued by " Subordinate CA"