NSA310s has SSL cert problem

I have an NSA 310s that has an expired SSL cert.  I am able to get into the console using Opera since it does not block my unsecured access.

I have tried to create a CSR request and have, I think, created a public and private key set in Windows 10.  However, when I try to import it into the NSA it says the key doesn't match.  I have tried a .PFX that Windows generates as well as exporting to a .CER.  No luck.

Any idea how to do this?

All Replies

  • PixelAXE
    PixelAXE Posts: 21  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2022
    I've find some information that may help you.
    If you have obtained a certificate from a CA to use with the NAS, please do the following to replace the certificate on the NAS with your signed cert.
    1.Make sure the certificate is using the correct extension required by NAS, CER.
             1-a.CRT and CER are interchangeable, rename the cert file "default.cer".
             1-b.If cert is using other extension check with your CA to see if they offer CRT/CER.
             1-c.Use openssl to convert your certificate to CER format.  (e.g. openssl x509 -outform DER -in cert.pem -out default.cer)
    2. Make sure the certificate key is using the correct extension, CER.  (e.g. openssl rsa -in private.key -outform DER -out default_key.cer)
    3.Use a transfer client, such as WinSCP/SFTP, to overwrite default.cer and default_key.cer on the NAS.
             3-a.Place the default.cer file in the /etc/zyxel/cert/ directory.  (e.g. "sftp>put source_directory/default.cer /etc/zyxel/cert/", Windows users can drag and drop files using WinSCP)
             3-b.Place the default_key.cer file in the /ect/zyxel/cert/key directory.  (e.g. "sftp>put source_directory/default_key.cer /etc/zyxel/cert/key/", Windows users can drag and drop files using WinSCP)
    4.Reboot the NAS

Consumer Product Help Center