Feature Request: Support ECDSA certificates on GS1900 series switches

coderjoe
coderjoe Posts: 6  Freshman Member
First Comment
edited March 7 in Switch

When I try and import my SSL certificate on my GS1900-8 and GS-1900-24E the UI throws an error: "Upload certificate failed. Unspecified Error (0x246)"

I have censored my existing certificate (RSA-2048) which I need to replace. However, when I try and upload my new certificate (EC-256) from my CA the switch returns an error.

I can upload the old certificate just fine .. the new one just doesn't work.
How can I get the certificate to install properly?


All Replies

  • coderjoe
    coderjoe Posts: 6  Freshman Member

    Attached please find a tar.gz file containing 2 example certificates which I would expect to work but both of which do not load properly and generate the above error.

    There is also a README file which explains how the certificates were generated.

    The README is also optionally executable in a shell if you'd like to generate your own certificates.
    Just run it with something similar to:
    $ bash test-gs1900-certs/README

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,103  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @coderjoe

    The GS1900 series currently supports RSA algorithm certificates but does not support ECDSA algorithm certificates like the one you're trying to upload. To resolve this, you'll need to generate a new certificate using the RSA algorithm instead of ECDSA. Once you have a certificate generated with RSA, you should be able to upload it successfully.

    Kay

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
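
The check implied by the reply above, as an added example that is not part of the original posts or Zyxel's tooling: inspect a PEM certificate's key type before uploading it, and create an RSA-2048 key and CSR for the CA to sign instead. The function names and the `switch.example` subject are hypothetical, the OpenSSL command-line tool is assumed to be installed, and the demo certificates are constructed throwaways.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: check a certificate's key type before upload.

# Print the subject public key algorithm as OpenSSL names it,
# e.g. "rsaEncryption" or "id-ecPublicKey"; prints nothing if unreadable.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Return 0 for an RSA key, 1 for any other key type, 2 if the file cannot be parsed.
# Only the certificate's own key is checked; the thread does not say whether the
# issuing CA's signature algorithm matters to the switch.
gs1900_preflight() {
    local alg
    alg=$(cert_key_alg "$1")
    case "$alg" in
        rsaEncryption) echo "OK: $1 has an RSA key"; return 0 ;;
        "") echo "ERROR: $1 is not a readable PEM certificate" >&2; return 2 ;;
        *) echo "REJECT: $1 has key type $alg, expected RSA" >&2; return 1 ;;
    esac
}

# Create an RSA-2048 key and a CSR to submit to the CA in place of the EC-256 one.
# Usage: new_rsa_csr <common-name> <key-out> <csr-out>
new_rsa_csr() (
    umask 077   # private key is written unencrypted; keep it owner-only
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$2" -out "$3" 2>/dev/null
)

# Demo on constructed, self-signed throwaway certificates.
demo() {
    local d; d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=switch.example" \
        -keyout "$d/rsa.key" -out "$d/rsa.pem" -days 1 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/ec.key"
    openssl req -x509 -new -key "$d/ec.key" -subj "/CN=switch.example" \
        -out "$d/ec.pem" -days 1 2>/dev/null
    gs1900_preflight "$d/rsa.pem"
    gs1900_preflight "$d/ec.pem" || true
    rm -rf "$d"
}
demo
```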

  • coderjoe
    coderjoe Posts: 6  Freshman Member
    edited March 7

    That is a shame, but thank you very much for your advice.

    For now I am able to revert back to RSA keys, but if I'm required to follow the certificate guidelines of the software suite and internal CA I'm integrating with, and if they choose to adopt ECDSA certs as a standard I may be out of luck.

    Is it possible to get ECDSA certificate support as a future feature?

  • coderjoe
    coderjoe Posts: 6  Freshman Member

    I've updated the title to reflect that I would like to request this feature. Thank you for your consideration. :)

  • coderjoe
    coderjoe Posts: 6  Freshman Member
    edited March 8

    I didn't realize my comment had been moved out of Switch Ideas and into Switch.
    Should I re-submit my feature request there?

    Edit: Or maybe I'm misremembering and never posted there. Either way I'm happy to resubmit if that is the correct process.

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,103  Zyxel Employee

    Hi @coderjoe ,

    Initially, we determined that the content of your post was more geared towards seeking assistance. Hence, we relocated it from Switch Ideas to Switch to ensure it is in a more appropriate discussion space.

    Regarding your feature request concerning the support for ECDSA certificates on GS1900 series switches, I fully agree with your suggestion. Therefore, I have resubmitted it in the ideas section for further consideration.

    If anyone supports this idea, please don't hesitate to leave a comment or vote. Your input, in the form of comments and votes, will play a crucial role in our evaluation process.

    Kay


  • coderjoe
    coderjoe Posts: 6  Freshman Member

    I agree, my original post wasn't worded correctly to serve as a suggestion. Thank you for re-posting for me Kay! :)