Importing certificates compatibility openSSL vs certutil
Guru Member
Old models of USG like Zywall 110 or USG 60 don't work with opeSSL command
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem
errno: -17011
errmsg: PKI certificate type is not supported
Yet on VPN300 and FLEX 200 it will happily accept it
and using
certutil –MergePFX cert.cer cert.pfx
works on Zywall 110 or USG 60 and VPN300 or FLEX 200
I'm guessing a old copy of openSSL will work?
All Replies
-
Hello @PeterUK
Thank you for your inquiry. Could you specify this question "I'm guessing a old copy of OpenSSL will work?" for us in more detail? Thank you.
0 -
Maybe there is another openssl for windows but I used this
I tried older versions to see if newer version cause old USG model to not work but it still failed
0 -
OK, noted. Thank you for your update.
0 -
So after some testing for anyone the openSSL for windows will not work for the USG 60 or Zywall 110 and other model but will for newer models like FLEX200
I tried the openSSL in linux mint and had the same problem for USG 60 or Zywall 110 until you add the
-legacy
openssl pkcs12 -export -out /home/dns/ddns.pfx -inkey /home/dns/ddns.key -in /home/dns/ddns.crt -legacy
0
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 90 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 918 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 920 Nebula FAQ
- 422 Security FAQ
- 237 Switch FAQ
- 208 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
