"zac iac" does not allow importing certificates signed by a subordinate Certificate Authority

  • 7006700
  • 23-Aug-2010
  • 27-Apr-2012

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3

Situation

An Authentication Satellite cannot be deployed in the following scenario:
  1. Create a zone with an external Certificate Authority, with the zone Certificate Authority entity called, for example, "Zone CA".
  2. Create a key pair for a "Subordinate CA" entity with the Certificate Authority basic constraint and Certificate Signing key usage.
    Sign it using "Zone CA".
  3. Create a key pair for the Authentication Satellite, say "Auth Satellite", with Digital Signature and Key Encipherment capability.
    Sign it using "Subordinate CA".
  4. On a Linux device, attempt to import the "Auth Satellite" certificate via zac iac.

ERROR: The specified server certificate is not signed by the appropriate authority. The Authentication Satellite Server's certificate should be issued by " Zone CA", but the specified certificate is issued by " Subordinate CA"
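The scenario above can be reproduced outside ZENworks with OpenSSL. The following is an added example, not Novell's code: it builds the same three-tier chain and contrasts a direct-issuer comparison of the kind the error message describes with full path validation through the intermediate. The file names, the function names and the throwaway keys are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added illustration: all names, keys and files are constructed for this demo.
set -eu

issue() {  # $1 dir, $2 output name, $3 CN, $4 extension section, $5 issuer name
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.pem" -CAkey "$1/$5.key" -set_serial 1 \
    -days 30 -extfile "$1/pki.cnf" -extensions "$4" -out "$1/$2.pem" 2>/dev/null
}

build_chain() {  # $1 = scratch dir; builds Zone CA -> Subordinate CA -> Auth Satellite
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[zone_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sub_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign
[satellite]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
  # Step 1: self-signed zone CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" -extensions zone_ca \
    -subj "/CN=Zone CA" -keyout "$d/zone.key" -out "$d/zone.pem" 2>/dev/null
  # Steps 2 and 3: subordinate CA signed by the zone CA, satellite signed by the subordinate CA.
  issue "$d" sub "Subordinate CA" sub_ca zone
  issue "$d" sat "Auth Satellite" satellite sub
}

direct_issuer_ok() {  # $1 = zone CA cert, $2 = cert to import; true only if $1 issued $2 directly
  want=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1")
  got=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$2")
  [ "${want#subject=}" = "${got#issuer=}" ]
}

chain_ok() {  # $1 = trust anchor, $2 = file of intermediates, $3 = cert to import
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

d=$(mktemp -d); build_chain "$d"
direct_issuer_ok "$d/zone.pem" "$d/sat.pem" && echo "issuer check: pass" || echo "issuer check: fail"
chain_ok "$d/zone.pem" "$d/sub.pem" "$d/sat.pem" && echo "chain validation: pass"
```

Running `chain_ok` against your own zone CA, intermediate and satellite certificates before an import confirms whether the chain itself is sound, which separates a certificate problem from the import limitation described here.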

Resolution

This is fixed in version 10.3.1 - see KB 7006265 "ZENworks Configuration Management 10.3.1 - update information and list of fixes" which can be found at https://www.novell.com/support