How to Resolve VPN Certificate Issues Between uOS and ZLD Devices?
Options
Zyxel_Cooldia
Posts: 1,568 
Zyxel Employee
Zyxel Employee
Question:
What should I do if the self-generated certificate from uOS can't be used for IKEv2 VPN on ZLD devices?
Answer:
If you encounter an issue where a self-generated certificate from a uOS device cannot be used for an IKEv2 VPN gateway profile on ZLD devices, follow these steps:
- The issue arises due to the ZLD VPN module not supporting the ECDSA algorithm in certificates.
- As a workaround, regenerate the certificate using the RSA algorithm.
- Once the RSA certificate is ready, guide users to use the "get from server" option to download the IKEv2 profile from the ATP800 device.
- If clients use the native Windows VPN client, provide a script installation to clients. This script can be downloaded in the wizard's final steps.
- If an urgent firmware update is needed to resolve this issue, initiate a request to MDM for communication with PLM to allocate resources for support.
This solution allows the users to continue using the VPN without disruptions.
Tagged:
0
Categories
- All Categories
- 441 Beta Program
- 2.9K Nebula
- 208 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 528 USG FLEX H Series
- 331 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 50 Wireless Ideas
- 6.9K Consumer Product
- 293 Service & License
- 461 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 86 About Community
- 99 Security Highlight