Importing certificates compatibility openSSL vs certutil
Guru Member
Old models of USG like Zywall 110 or USG 60 don't work with opeSSL command
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem
errno: -17011
errmsg: PKI certificate type is not supported
Yet on VPN300 and FLEX 200 it will happily accept it
and using
certutil –MergePFX cert.cer cert.pfx
works on Zywall 110 or USG 60 and VPN300 or FLEX 200
I'm guessing a old copy of openSSL will work?
All Replies
-
Hello @PeterUK
Thank you for your inquiry. Could you specify this question "I'm guessing a old copy of OpenSSL will work?" for us in more detail? Thank you.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
Maybe there is another openssl for windows but I used this
I tried older versions to see if newer version cause old USG model to not work but it still failed
0 -
OK, noted. Thank you for your update.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
So after some testing for anyone the openSSL for windows will not work for the USG 60 or Zywall 110 and other model but will for newer models like FLEX200
I tried the openSSL in linux mint and had the same problem for USG 60 or Zywall 110 until you add the
-legacy
openssl pkcs12 -export -out /home/dns/ddns.pfx -inkey /home/dns/ddns.key -in /home/dns/ddns.crt -legacy
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
