ZCS Certificates Tools
ZCS allows administrators to manage their certificates using either the Administration Console or the Command Line Interface (CLI). This article discusses the Administration Console and the CLI tools for ZCS 8.x, 8.0.x, 7.0.x.

A note on CN and subjectAltName

By default ZCS requires valid certificates when communicating with hosts over TLS/SSL. As such, certificates within an install should be valid (not expired, and with hostnames that match the certificate).

Per https://tools.ietf.org/html/rfc2818#section-3.1:

If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

See also RFC2459 section-4.2.1.7 for details on Subject Alternative Name handl...
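The RFC 2818 rule quoted above means a certificate whose CN names a host can still fail validation for that host once any dNSName entry is present. The following sketch is an added example, not ZCS code: it applies the rule to constructed certificates shaped like the dict returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, the sample hostnames, and the stricter whole-label wildcard policy are assumptions of this example.

```python
# Added example: RFC 2818 section 3.1 identity selection over a certificate
# dict shaped like the output of ssl.SSLSocket.getpeercert().

def reference_identities(cert):
    """Return (source, names): dNSName SAN entries if any exist, else the CN."""
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns:
        return "subjectAltName", dns  # the CN is ignored entirely
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    # Assumption: the last CN in the subject is the "most specific" one.
    return "commonName", cns[-1:]


def label_match(pattern, host):
    """Case-insensitive comparison, label by label."""
    # Assumption (stricter than RFC 2818): '*' must be the entire left-most
    # label, and a bare '*.tld' pattern is rejected.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def hostname_valid(cert, host):
    """Return (matches, which certificate field was used as the identity)."""
    source, names = reference_identities(cert)
    return any(label_match(n, host) for n in names), source


# Constructed sample certificates (not taken from a real server).
CN_ONLY = {"subject": ((("commonName", "mail.example.com"),),)}
SAN_WITHOUT_CN_HOST = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mta.example.com"), ("DNS", "*.store.example.com")),
}

if __name__ == "__main__":
    for label, cert in (("CN_ONLY", CN_ONLY), ("SAN_WITHOUT_CN_HOST", SAN_WITHOUT_CN_HOST)):
        for host in ("mail.example.com", "mta.example.com", "a.store.example.com"):
            print(label, host, hostname_valid(cert, host))
```

When a certificate carries subjectAltName entries, every hostname that clients use to reach the server has to appear among them, including the one already in the CN.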