GS1900-24 - Latest firmware: Importing p12 certificate fails with error 0x246

Options
zyste
zyste Posts: 4
Friend Collector First Comment

Hello, I'm trying to import a p12/pfx file generated using the following command:

openssl pkcs12 -export -out switch.pfx -in switch.crt -inkey switch.key

on a GS1900-24 switch (Rev. A1, Firmware V2.80(AAHL.0) | 10/16/2023).

However, it always fails with the following alert (see image below too):

Upload certificate failed. Unspecified error(0x246)

I tried several things now but can't get it to work.
Any ideas?

Accepted Solution

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @zyste,

    Thanks for your kind correction. Please allow me to rephrase my previous explanation. After checking I found that GS1900 only supports the RSA algorithm but not the ECDSA algorithm. Could you generate an RSA algorithm certificate file and import it to GS1900?

    Zyxel Melen

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @zyste,

    Could you share the certificate with me? I will try to reproduce it on my side. Please check the private message I sent to you and provide the certificate and its password there.

    Zyxel Melen

  • zyste
    zyste Posts: 4
    Friend Collector First Comment
    Options

    Hello @Zyxel_Melen, I sent you the p12 file via PM.

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi zyste, thanks for the file! I will test it next week and keep you posted.

    Zyxel Melen

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @zyste,

    After checking, I found that GS1900 only supports .pfx file but not .p12 file. Could you generate a .pfx file and import it to GS1900?

    Zyxel Melen

  • zyste
    zyste Posts: 4
    Friend Collector First Comment
    Options

    Hi @Zyxel_Melen,

    I think there's a technical misunderstanding on your side - pfx and p12 is essentially the same thing, just the extension is different. So, you'd just have to rename the file to e.g. certificate.pfx

    As far as I remember I tried that too but got the same error - as reference, see the extensions at the Wikipedia page.

    https://en.m.wikipedia.org/wiki/PKCS_12

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @zyste,

    Thanks for your kind correction. Please allow me to rephrase my previous explanation. After checking I found that GS1900 only supports the RSA algorithm but not the ECDSA algorithm. Could you generate an RSA algorithm certificate file and import it to GS1900?

    Zyxel Melen

  • zyste
    zyste Posts: 4
    Friend Collector First Comment
    Options

    Hello @Zyxel_Melen,

    thank you for the hint - I used RSA and now it indeed worked!
    As a suggestion, a better error message in a future firmware release would be really helpful - or at least an explanation of what error 0x246 means somewhere on the Zyxel knowledge base or similar.

    Discussion closed - thanks again for your help and have a nice day!

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,639  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @zyste,

    Thanks for your input. We have already discussed this part and recorded it in the enhancement checklist. Stay tuned for our future firmware release.

    Zyxel Melen