I just have one question regarding Remote Management. Since we are using an external VeriSign certificate, the remote operator is currently identified as "unknown user" when a managed device is remote controlled. I think this is working as designed because the Remote Operator's name is derived from the certificate generated on the ZCM server. When External CAs are used (i.e. VeriSign), certificates are not generated for the remote operator, therefore the operator is recorded as an "Unknown User". Am I correct ?

I read the following in the ZCM documentation:

B.3 Identifying the Remote Operator on the Managed Device
When a remote operator launches a remote session on a managed device through ZENworks Control Center, a certificate that helps the managed device to identify the remote operator is automatically generated by ZENworks if an internal CA is used. However, if an external CA is used, the remote operator needs to manually provide the certificate that is chained to the deployed external CA and is certified for SSL Client Authentication. For more information on using the external CA, see Use the Following Key Pair for Identification in Section 2.8, Starting Remote Management Operations. Novell Documentation

If a remote operator launches a remote operation on a managed device without providing a certificate, the name of the remote operator is recorded as An Unknown User in the audit logs, the Visible Signal and the Ask User Permission dialog box. To ensure that the remote operator provides the certificate, deselect Allow Connection When Remote Management Console Does Not Have SSL Certificate in the Remote Management policy.

Do you know how the required key pair for identification is generated ? What are the steps ? We need for the remote operator to be identified.