Support Home Communities Home   Search Today's Posts Mark Forums Read

 
 
LinkBack Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 23-Jul-2009, 12:37 PM
Junior Member
  
Join Date: Jan 2008
Posts: 14
bpayne11 0 reputation points
Default Wildcard Certificates ZCM 10.1.3
Hi all,

When I originally installed ZCM (10.0.3, May 2008), I installed it using our external SSL certificate. Now, I am not sure that that was the best choice. Our server is SLES 10 SP2 and ZCM 10.1.3. After updating our server to 10.1.3 from 10.0.3.2 I can no longer upload images to the server as I get a -601 error...excerpt from our novell-pbserv.log

Tue Jul 7 12:06:20 2009 -- [PCGI] done, PROXY_CMD_GET_IMAGE
Tue Jul 7 12:06:23 2009 -- [PCGII] received PROXY_CMD_GET_IMAGE_INFO
Tue Jul 7 12:06:23 2009 -- [PCGII] Image File: /var/opt/novell/zenworks/content-repo/images/HPsp09v8.zmg
, File Time: 18423915792, File Size: 13790949395
Tue Jul 7 12:06:23 2009 -- [PCGII] done PROXY_CMD_GET_IMAGE_INFO
Tue Jul 7 12:06:24 2009 -- [PCRISD] received PROXY_CMD_REQ_SAFEDATA
Tue Jul 7 12:06:24 2009 -- [ZENIMGWEB-CSCKT] Initializing client socket.
Tue Jul 7 12:06:24 2009 -- [ZENIMGWEB-CSCKT] SSL Initialization error; code : 11. Can't read CA list.
Tue Jul 7 12:06:24 2009 -- [ZIMGWEB-OHC] Failed to create socket
Tue Jul 7 12:06:24 2009 -- [GWC] Error opening the socket : -601
Tue Jul 7 12:06:24 2009 -- [PCRISD] GetWorkstationConfig returned: -601
Tue Jul 7 12:06:24 2009 -- [PCRISD] done PROXY_CMD_REQ_SAFEDATA
Tue Jul 7 12:06:24 2009 -- [SCEM] OOB error message, 1843
Tue Jul 7 12:06:24 2009 -- [LC] close connection, 149.143.208.23
Tue Jul 7 12:06:24 2009 -- [ECC] CS
Tue Jul 7 12:19:49 2009 -- [STATS] Updating Stats
Tue Jul 7 12:19:49 2009 -- [ZENIMGWEB-CSCKT] Initializing client socket.
Tue Jul 7 12:19:49 2009 -- [ZENIMGWEB-CSCKT] SSL Initialization error; code : 11. Can't read CA list.

We can download images just fine if they are first upload to our test server that was installed with the internal ZCM certificate and then transferred over to the live server.

Also after updating to 10.1.3 users cannot login using the ZCM icon (little blue Z). We have login disabled in the registry because it would take a machine more than two minutes to login to the desktop. This I assume is because wildcard cert support was dropped in 10.1.3.

Those two issues not being bad enough, our SSL certficate expires at the end of August 2009. We have a new certificate but how do I install it on the server and the clients without touching each device manually? The new cert is a wildcard cert as well. I can get a single server cert from Digicert for free so the DNS of the cert matches the server DNS. Will I have to get this on the clients or will it just get pushed automatically because the Root CA is not changing?

Will inventory break when the SSL cert expires? Will end users get error messages from the Agent?

Thanks for any hints you can give me!

Brian Payne

bpayne@mvnu.edu
Reply With Quote
 

Tags
10.1.3 upgrade, deployment, inventory, upload images, wildcard certificate

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -6. The time now is 07:59 AM.
Contact Us - NOVELL FORUMS - Archive - Privacy Statement - Top

© 2007 Novell, Inc. All Rights Reserved.

Search Engine Friendly URLs by vBSEO 3.3.0 RC2