Our ZCM11.2 system is using server certs that were minted with our eDirectory's CA.
That CA is expiring in a few months so I'm just tested the renewal process in the lab.
The ZCM servers are all running SLES10 64bit.

When I look at my build notes for those server I see that we just used "openssl" command to generate an SSL key, then used that key to generate the CSR, then use iManager to issue the server cert with that CSR.

In working on renewing the server cert in the lab, I generated a new SSL key and followed the steps above to get my new server cert.

Of course I'll then be using this command to add the new cert:
zman sacert Path_of_the_Primary_Server_in_ZENworks_Control_Cen ter Path_of_Primary_Server_Certificate
Then this command to add the new root CA to all severs and clients:
zac cert-info certificate_file_path -u zone_administrator_username -p zone_administrator_password

My questions are:
1) During the original installation I see that the path to the SSL key was needed during the installation. Do I not need to somehow also update that with the new key?
2) Or, should I have simply used the old SSL key to mint my new server cert using the new eDirectory CA?