zyxel N4100 gateway - Problems with SSL certificate on welcome page (google chrome)
Comments
-
Hi @Maze,
You rock! Thanks for sharing the information with us.
Following your procedure, it did the trick.
0 -
Hello @MazeI also await for the explanation as it didn't work out for me. The certificate is indeed registered (with 192.168.0.1 for example) but after that I didn't find the way to "disable" the certificate. My only options in Advanced>System are to enable the original one or the one I just made (Customer Certificate). With Firefox I can see the certificate is mine and add an exception but with Chrome it still doesn't want to enable the access.Thanks.
0 -
Hi @all,that zyxel will present us a new firmware without this error - I don't believe in that.I opened a support- ticket for exact this problem and recieved a translated version of Maze's Post.Actually they are collecting the cases and waiting for a patch from the engineering...The bad thing is that I cannot create a SSL certificate how Maze described it.I tried it with OpenSSL (version 1.1.0h) on my Windows 7 64Bit- PC and with a Debian Linux- server (OpenMediaVault 4.x) but when I entered the second command I was not asked for an IP-address in the process of creating the certificate.I also tried another Blog-Entry "How to make a OpenSSL- certificate on Windows" (in German Language: https://www.andysblog.de/windows-mit-openssl-ein-selbstsigniertes-zertifikat-erstellen) - the commands are nearly the same but also I wasn't asked for an IP-address. Questions for RegionCode, City, Company, eMail-address, etc. - but no question for an IP-address...Does anyone know a solution for this problem?
0 -
I follow the instruction, it works fine.Hope it is useful to everyone.Prerequisites
Linux OS with openssl tool installed
-sudo apt-get install openssl
-sudo apt-get install libssl-dev
Certificate generate procedure
1. Generate private key
openssl genrsa -des3 -out private.key 2048Note. Do not forget pass phase for private key
2. Generate CA request file for enrollment
openssl req -new -key private.key -out CertificateReq.csr
Fill out these fields as prompted, here is the example,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:6.6.6.6 <= There is no need to configure same as device interface LAN IP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3.CA Self-sign the certificate with private key
openssl x509 -req -days 1095 -in CertificateReq.csr -signkey private.key -out Certificate.crt
Import certificate to N4100
1. Copy Certificate.crt and private.key to local PC
2. Go to “SYSTEM TOOLS > SSL CERTIFICATE”,
Password = Pass phase
Certificate File = Certificate.crt
Private Key File = private.key
After certificate import successfully, it will show message as below.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight