How to Resolve VPN Certificate Issues Between uOS and ZLD Devices?
Zyxel_Cooldia
Posts: 1,518 
Zyxel Employee
Zyxel Employee
Question:
What should I do if the self-generated certificate from uOS can't be used for IKEv2 VPN on ZLD devices?
Answer:
If you encounter an issue where a self-generated certificate from a uOS device cannot be used for an IKEv2 VPN gateway profile on ZLD devices, follow these steps:
- The issue arises due to the ZLD VPN module not supporting the ECDSA algorithm in certificates.
- As a workaround, regenerate the certificate using the RSA algorithm.
- Once the RSA certificate is ready, guide users to use the "get from server" option to download the IKEv2 profile from the ATP800 device.
- If clients use the native Windows VPN client, provide a script installation to clients. This script can be downloaded in the wizard's final steps.
- If an urgent firmware update is needed to resolve this issue, initiate a request to MDM for communication with PLM to allocate resources for support.
This solution allows the users to continue using the VPN without disruptions.
Tagged:
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 100 Nebula Status and Incidents
- 5.8K Security
- 285 USG FLEX H Series
- 278 Security Ideas
- 1.5K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 251 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 86 About Community
- 75 Security Highlight