Importing certificates compatibility openSSL vs certutil
Old models of USG like Zywall 110 or USG 60 don't work with opeSSL command
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem
errno: -17011
errmsg: PKI certificate type is not supported
Yet on VPN300 and FLEX 200 it will happily accept it
and using
certutil –MergePFX cert.cer cert.pfx
works on Zywall 110 or USG 60 and VPN300 or FLEX 200
I'm guessing a old copy of openSSL will work?
All Replies
-
Hello @PeterUK
Thank you for your inquiry. Could you specify this question "I'm guessing a old copy of OpenSSL will work?" for us in more detail? Thank you.
See how you've made an impact in Zyxel Community this year!
0 -
Maybe there is another openssl for windows but I used this
I tried older versions to see if newer version cause old USG model to not work but it still failed
0 -
OK, noted. Thank you for your update.
See how you've made an impact in Zyxel Community this year!
0 -
So after some testing for anyone the openSSL for windows will not work for the USG 60 or Zywall 110 and other model but will for newer models like FLEX200
I tried the openSSL in linux mint and had the same problem for USG 60 or Zywall 110 until you add the
-legacy
openssl pkcs12 -export -out /home/dns/ddns.pfx -inkey /home/dns/ddns.key -in /home/dns/ddns.crt -legacy
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight