"zac iac" does not allow importing certificates signed by a subordinate Certificate Authority

  • 7006700
  • 23-Aug-2010
  • 27-Apr-2012


Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3


Cannot deploy Authentication Satellite in one specific scenario:
  1. Create a zone with external Certificate Authority, with zone Certificate Authority entity called, for example, "Zone CA "
  2. Create a key pair for "Subordinate CA " entity having Certificate Authority basic constraint and key usage as Certificate Signing.
    Sign it using "Zone CA "
  3. Create a key pair for authenticate satellite, say "Auth Satellite " with Digital Signature and Key Encipherment capability.
    Sign it using "Subordinate CA ".
  4. On a Linux device, attempt to import the "Auth Satellite " via zac iac .

ERROR: The specified server certificate is not signed by the appropriate authority. The Authentication Satellite Server's certificate should be issued by " Zone CA", but the specified certificate is issued by " Subordinate CA"


This is fixed in version 10.3.1 - see KB 7006265 "ZENworks Configuration Management 10.3.1 - update information and list of fixes" which can be found at https://www.novell.com/support