How to Resolve VPN Certificate Issues Between uOS and ZLD Devices?
Zyxel_Cooldia
Posts: 1,511 
Zyxel Employee
Zyxel Employee
Question:
What should I do if the self-generated certificate from uOS can't be used for IKEv2 VPN on ZLD devices?
Answer:
If you encounter an issue where a self-generated certificate from a uOS device cannot be used for an IKEv2 VPN gateway profile on ZLD devices, follow these steps:
- The issue arises due to the ZLD VPN module not supporting the ECDSA algorithm in certificates.
- As a workaround, regenerate the certificate using the RSA algorithm.
- Once the RSA certificate is ready, guide users to use the "get from server" option to download the IKEv2 profile from the ATP800 device.
- If clients use the native Windows VPN client, provide a script installation to clients. This script can be downloaded in the wizard's final steps.
- If an urgent firmware update is needed to resolve this issue, initiate a request to MDM for communication with PLM to allocate resources for support.
This solution allows the users to continue using the VPN without disruptions.
Tagged:
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 246 Service & License
- 383 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight