I'm starting to test ZCM 10.3 user authentication via a Windows XP satellite server.

When attempting to configure the authentication role on the satellite server, however, the following message appears, "Authenication servers must have external certificates if zone uses external certificates." Okay. My test zone does use an external certificate.

So, to the manual . . .

On page 83 in the "ZENworks 10 Configuration Management System Administration Reference" is this: "NOTE: If you are using an external certificate for the Satellite device, you must import the certificate by using the zac import-authentication-cert (iac) command before configuring the Authentication role." Okay.

So, to the zac command . . .

On page 81 of the "ZENworks 10 Configuration Management Command Line Utilities Reference" is this:

"import-authentication-cert(iac)[-pk <private-key.der>] [-c <signed-servercertificate.der>] [-ca <signing-authority-public-certificate.der>] [-ks
<keystore.jks>] [-ksp <keystore-pass-phrase>] [-a <signed-cert-alias>] [-ks
<signed-cert-passphrase>] [-u username] [-p password]

Configures an Authentication Satellite device with externally signed certificates."

After playing around a bit, it appears that I need a <private-key.der>, <signed-servercertificate.der>, and <signing-authority-public-certificate.der> file.

So the question is, how do I generate these files? Or, better yet, is there detailed documentation on how to perform this whole process?

My primary server is running Windows Server 2008.