I'm been working on solving a certificate problem for the last couple of months, and I've discovered that none of my primary servers in my environment have the certificate authority role.

The short version is server1 was created as the first server, using an internal cert. After some testing, server2 server3 and server4 were implemented, with server1 quietly ignored for a while and subsequently decommissioned. Server2 and 3 were updated to 10.1.3 two months ago, but server4 had an issue that I tried to resolve by un-installing and reinstalling Zenworks. When prompted to add it to the existing zone, a cert error occurred with multiple problems spinning off from there.

While working with the zman command, I discovered that server2 and server3 don't have the certificate authority role, and the certs were not properly exported before server1 was decomissioned. I'm pretty sure this is the source of all my problems. Any thoughts on what I do to solve this? Bringing back server1 is not an option.