Moving An Es From One Ms To Another - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual

3 keytool prompted for the password for the <keystore_filename> file, which is the password
used when the keystore was created.
4 Submit the CSR (see
Thawte or Verisign) along with anything else they might require:
http://www.verisign.com/ (http://www.verisign.com/)
http://www.thawte.com/ (http://www.thawte.com/)
5 If you are using a non-traditional CA (such as your own private Certificate Authority/Public
Key Infrastructure (CA/PKI), or if you are using a less well-known CA, you will need to import
the CA's root certificates into the java cacerts file by entering the following command on the
command line of the Novell ZENworks Network Access Control server:
keytool -import -alias <CA_alias> -file <ca_root_cert_file> -keystore /usr/
local/nac/keystore/cacerts
Where:
<CA_alias> is an alias unique to your cacerts file and preferably identifies the CA to which it
pertains
<ca_root_cert_file> is the file containing the CA's root certificate
6 keytool prompts for the password for the cacerts file, which should be the default:
changeit.
7 If you are prompted, enter yes to trust the certificate.
8 Once you get your signed certificate back from the CA, import it into your keystore (see
Section 1.9, "Copying Files," on page
certificate for your key by entering the following command on the command line of the Novell
ZENworks Network Access Control server:
keytool -import -alias <key_alias> -trustcacerts -file <signed_cert_file> -
keystore /usr/local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
<signed_cert_file> is the name of the file containing your CA-signed certificate
9 keytool prompts for the password for the keystore_filename file, which is the password used
when the keystore was created.
10 Save and exit the file.

16.17 Moving an ES from One MS to Another

If you have an existing ES, you can move it to a different MS by performing the steps in this section.
To move an ES to a different MS:
Command line window
1 Log in to the ES as root using SSH or directly with a keyboard.
2 Enter the following command at the command line:
service nac-es stop
3 Log in the MS user interface that currently manages the ES you want to move.
370 Novell ZENworks Network Access Control Users Guide
Section 1.9, "Copying Files," on page
28), replacing the previously self-signed public
28) to your chosen CA (such as