NWA130BE - Import custom certficate and key (Let's Encrypt)
Hi there,
I tried several ways to import my custom certificate to my NWA130BE access points and I cannot seem to make it work. I would like to replace the default one by this certificate to remove the warning in Web Browsers.
The FQDN and certificate are working fine everywhere else (Proxmox, Portainer, etc.).
I have two files: certificate.pem and privkey.pem, not password protected.
How do I upload those on the access points and how do I enabled the Web server to use those?
I'm running the last firmware 7.00(2) but I doubt that the last one 7.0(3) will change anything here…
Thanks,
D.
Accepted Solution
-
Hi Kay,
I'm using this wildcard certificate for several endpoints with no issue. I will keep generating a separate certificates for Zyxel devices.
Thanks,
D.
0
All Replies
-
Hi @Dulcow
To replace the default certificate with your custom Let's Encrypt certificate, please follow our detailed guidance here:
If you've followed these steps and are still experiencing issues, please feel free to send your certificate files via private message so we can assist you further.
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hi there,
I came across this guideline document and does not seem to work at all for PEM files I'm getting via Let's Encrypt ("combined.pem" regrouping "fullchain.pem" containing intermediate and final certificate and "privkey.pem" containing ECDSA key).
When using a PFX certificate with a password, it worked but it just means more operations when renewing my certificates…
Thanks,
D.
0 -
Hi @Dulcow
Please try uploading your certificate under the Trusted Certificates tab. The My Certificate section only allows the import of a certificate that matches a corresponding certification request generated by the Zyxel device.
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hi there,
The import works, I can see the certificate in the "Trusted Certificates" tab but I cannot select it when configuring HTTPS service, it does not show in the list.
How can I fix this?
Thanks,
D.
0 -
Hi @Dulcow
The server certificate dropdown list under System > WWW > HTTPS only displays certificates located in My Certificate.
Once you successfully import the Let’s Encrypt certificate to the AP, it should work with the AP.
Please check if the warning message still appears in your web browser when you access the AP web page. If it does, it may be because the certificate hasn't been fully validated by the CA server, or the IP address or FQDN hasn't been bound. Please confirm that the certificate has completed all necessary binding steps with the CA server.
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hi Kay,
It won't work by itself, like by magic :-(
I have to tell one way or the other to the HTTP server which certificate to use. As expected, having just uploaded the "combined.pem" certificate in "Trusted Certificates" does not change anything to the Web endpoint which still uses the default self-signed certificate.
There are no warning messages, no errors. It simply does not work by itself. So I'm asking again, how could I enable a PEM generated certificate to get SSL working with the AP Web interface?
Thanks,
D.
0 -
Hi @Dulcow
It sounds like the certificate may not fully align with the AP's requirements.
When accessing the AP's management interface, the certificate needs to match the hostname used—whether it’s the IP address or a domain name. If you’re accessing the AP via an IP address, but the certificate only contains a domain name, or vice versa, this mismatch will prevent proper SSL functionality.
From our review of the "combined.pem" certificate you shared, it appears the domain currently bound in the certificate is only as follows:
To resolve this, you may need to rebind the certificate to the AP’s IP address or domain name as appropriate, ensuring it matches what you’re using to access the AP.
Let me know if this helps, or if there’s anything else I can clarify.
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hi Kay,
I'm using this wildcard certificate for several endpoints with no issue. I will keep generating a separate certificates for Zyxel devices.
Thanks,
D.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 250 USG FLEX H Series
- 270 Security Ideas
- 1.4K Switch
- 72 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 386 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight