Linux Authentication Satellite promotion fails during Certificate Signing Request

Document ID:7006970
Creation Date:30-Sep-2010
Modified Date:07-Aug-2014
- Micro Focus Products:
  ZENworks Configuration Management

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3

Situation

Linux Authentication Satellite promotion fails during CSR

ERROR (from zmd-messages.log):

[ZenHttpServer::KeyStoreUtil] [Exception :
java.lang.Exception: Unable to sign the Satellite Server's Certificate. Authenticated user or device does not have sufficient privileges to request a signed certificate

[Debug] [09/30/2010 15:26:25.960] [] [1251] [ZenworksAgent] [262] [ZenHttpServer] [Exception configuring SSL for satellite server :
java.lang.Exception: An unexpected exception was encountered while configuring the Authentication Server service

Caused by: java.lang.Exception: An unexpected error occured during configuration. The certificate signing request unexpectedly returned a null result

Resolution

Any or all of the following may help.

zac asr -t all -u Administrator -p password

zman rsc

zac ref

/etc/init.d/novell-zenworks-xplatzmd restart

Additional Information

Running zac command to reconfigure that satellite bypasses the token and the administrator credentials you provide are used to provide authorization to the CA service.

This error:

Unable to sign the Satellite Server's Certificate. Authenticated user or device does not have sufficient privileges to request a signed certificate

Means that the satellite was requesting that the primary sign a certificate. The primary rejected the satellite as the GUID passed in the CSR request was considered invalid.

Likely reason:

When promoting a satellite server a token with an expiration time is created and stored in the database. It is also sent to the satellite device to use with the request to the CA to sign the satellite's certificate.

If the device waits too long to refresh and start the promotion then the token will be expired and the error is seen.