Moving the internal Certificate Authority does not change the CA certificate subject name

  • 7018728
  • 23-Mar-2017
  • 23-Mar-2017


Novell ZENworks Configuration Management


For Internal Certificate Authority on ZENworks, the "Move CA Role" or backup and restore CA to another primary does not change the Certificate Authority Certificate Subject name.


This is working as designed.  Moving the Certificate Authority role does not change the actual Certificate Authority certificate.  The new primary will mint new server certificates that chain to the existing CA certificate.  The subject name of the CA certificate may point to the original CA role primary that has been removed.  This is not a problem as devices continue to trust the unchanged CA certificate that is in their truststore.