BlueCoat Proxy restricts Online Updates

  • 7024352
  • 19-Dec-2019
  • 30-Mar-2020


ZENworks Configuration Management Appliance
ZENworks Service Desk Appliance
ZENworks Reporting Server Appliance


Appliance is unable to Register to Online Updates in the Administration Console.


To manually register the Appliance for Online Updates

Identify the Appliance Online Update Regcode
Depending on the appliance the regcode is different “regcode-zenworks-appliance”
To find the correct regcode at the server command prompt:
cat  /etc/Novell-VA-release | grep regcode

Access to the certs is critical
Option 1:

-Copy valid CA Cert from previous appliance to new appliance
Location: /etc/ssl/certs

At the Appliance Server command prompt, run: c_rchash

Option 2:
Command to create the cert with OpenSSL

true | openssl s_client –connect –showcerts > /tmp/www-novell-com-ca-certs.pem

Copy cert to /etc/ssl/certs
               Example: www-novell-com-ca-certs.pem

Appliance Server command prompt, run: c_rchash

Online Update Registration
Register Online Updates Create Cert

ZRS Server command prompt and execute the suse_register command manually
/usr/bin/perl –w /usr/bin/suse_register –d 3 –a email=<email address> -a regcode-zenworks-appliance=<activation code> -L <log file path>

Online Update UnRegister
Likewise the command to unregister the appliance from NCC is,

/usr/bin/perl –w /usr/bin/suse_register –E


Bluecoat proxy uses SSPI.
This type of proxy presents it's own certificate for SSL communication.
The CA for this certificate was not trusted by the appliance.
Thus, the handshake fails.

Additional Information

For non-appliance refer to TID 7002329

SSL Inspection Firewalls.

Check these logs for specifics: