How to Resolve VPN Certificate Issues Between uOS and ZLD Devices?

Zyxel_Cooldia
Posts: 1,520
Zyxel Employee





Question:
What should I do if the self-generated certificate from uOS can't be used for IKEv2 VPN on ZLD devices?
Answer:
If you encounter an issue where a self-generated certificate from a uOS device cannot be used for an IKEv2 VPN gateway profile on ZLD devices, follow these steps:
- The issue arises due to the ZLD VPN module not supporting the ECDSA algorithm in certificates.
- As a workaround, regenerate the certificate using the RSA algorithm.
- Once the RSA certificate is ready, guide users to use the "get from server" option to download the IKEv2 profile from the ATP800 device.
- If clients use the native Windows VPN client, provide a script installation to clients. This script can be downloaded in the wizard's final steps.
- If an urgent firmware update is needed to resolve this issue, initiate a request to MDM for communication with PLM to allocate resources for support.
This solution allows the users to continue using the VPN without disruptions.
Tagged:
0
Categories
- All Categories
- 429 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 350 USG FLEX H Series
- 291 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 406 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight