A few weeks ago I posted the following question:

We have a few external users (they are on the internet outside our
firewall). The Zen agents on their laptops are configured to login to our
MiddleTier server. We configured the laptops this way to allow us to
inventory and remote control the laptops.

My question is (and it might seem stupid but I'm just not sure of the
answer): When the authentification is done, this information is
information is sent through the internet. Is this information in clear
text or is it encrypted.

The answer (kindly given by Jared) was that the information is encrypted
with NetIdentity.

However, I've been reading a bit on NetIdentity and found this
information in Novell Documentation:

25.4 Setting Up NetIdentity Authentication
Authentication to a Middle Tier Server from a Desktop Management Agent is
based on a challenge-response mechanism. When a Middle Tier Server
challenges an agent for authentication, it sends an X.509 certificate.
The agent verifies the integrity and trust of the certificate, and
secrets are exchanged using public-key/private-key and session-key
encryption techniques.

During installation, a NetIdentity certificate is installed on the Middle
Tier Server. On Linux, this certificate is signed by the Certificate
Authority (CA) of the tree where the server belongs. This certificate,
though cryptographically valid, is not signed by trusted root
authorities, and should not be trusted outside of a controlled
environment. By default, the Desktop Management Agent installation
accepts such a self-signed certificate, but this is a configurable
installation parameter. When deployed outside a controlled network,
Middle Tier Servers must be configured with a certificate that is signed
by a trusted Root Certificate authority. They must also be configured to
enforce strict trust checking.

My understanding is the by default, the Zen agents will use the x.509
certificate (installed on the MiddleTier server by default as mentionned
above) to encrypt the authentification...right? Or, do I need to do more
configuration to SSL/certificate...and so on.