Can't remove certificate object

alehzn
alehzn Posts: 37  Freshman Member
edited March 2022 in Security
Hello community,

I would like to remove an expired certificate on my USG FLEX 50W (USG20W-VPN), but when doing so over the GUI I get the following message:

"Wrong CLI command, device timeout or device logout."

Trying to remove it using CLI I get this:

"Router(config)# no ca category local <certificate name>

% (after 'local'): Parse error

retval = -1

ERROR: Parse error/command not found!"

What do I need to do to finally get rid of it?

Thank you.
Regards

Firmware version: 5.21(ABAR.0)

All Replies

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Thanks for your feedback.
    We will check on this problem and get back to you when there is any progress.
    Thank you.


    James
  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee

    Hi @alehzn,

    Before entering the command "no ca category local [certificate_name]", we should enter "configure terminal" first to enter Configure mode.

    Here are screenshots for your reference.

    1. "show ca category local" >> Check what certificates we have, here I take "0311james" for example.


    2. Input "configure terminal" to enter configure mode, and then input "no ca category local 0311james" to remove the certificate.


    3. Then we can see there is no more "0311james"


    Please try this solution, I'm looking forward to the result, thank you.

    James.


  • alehzn
    alehzn Posts: 37  Freshman Member
    Hello James,

    Thank you for the instruction, which I have already followed before.
    Please see screenshot attached. You will notice that it (still) does not work.

    Best 
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    Answer ✓
    Hi @alehzn
    You can log in to the device WebGUI to back up (download) the certificates that you need.
    Then use the CLI command to flush all of the certificates on your device.
    The system will regenerate the system default certificates and flush the others.

    Router# debug _ca regenerate
  • alehzn
    alehzn Posts: 37  Freshman Member
    Hello @Zyxel_Stanley
    The command did the trick. Certificate is finally gone. Thank you for your great support!
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    Hi @BrowB
    Was your certificate expired on your device, and are you unable to remove it from the WebGUI or CLI?
    If not, can you export the certificate and share it to us?
