Import certificate - ERROR: Import custom CA fail

ihr Posts: 4  Freshman Member

Hi, I just received an XMG1915 today. I configured almost everything but can't import a custom certificate.
We run our own CA and all our services in our lab are using certificates issued by our own CA so they are trusted by our browsers in the company because the CA-Certificate is distributed to all computers.

I've generated a standard PKCS12 as indicated, including the certificate and the intermediate certificate. I've tested with 8192-bit RSA key pairs and 2048-bit RSA key pairs with sha512 and sha256 signatures, and all fail with the same error message. There is no information anywhere about the reason the certificate is rejected or not imported.

We need additional information about how to generate a valid PKCS12 suitable for your hardware and the limitations in the certificates. The signature algorithms supported, or, at least, an example of a successful certificate creation and import process so we can figure out what's going on.

Thank you for your attention,

Regards

Ignacio

All Replies

  • Zyxel_Tina Posts: 729  Zyxel Employee
    edited March 24

    Hi @ihr,

    Welcome to the Zyxel Community!

    We can confirm that 2048-bit RSA key pairs with SHA-256/SHA-512 should be supported on this device, so we'd like to investigate further.

    Could you help us with the following?

    1. Generate a new PKCS12 certificate using the same setup, and set the password to 1234, then share the file with us via private message so we can test on our end.
    2. Please share the firmware version currently running on your XMG1915.

    Thank you for your cooperation!

    Zyxel Tina

  • ihr Posts: 4  Freshman Member

    Thank you for jumping in. You should have it in your inbox.

  • ihr Posts: 4  Freshman Member

    FYI. Here is the process to generate the p12:

    Requirements:

    • Digital certificate (2048 bits) (in this case it is swpapa.pem)
    • Private key (in this case it is private.key)
    • Intermediate CA certificate (in my case this is 8192-bit RSA and the file name is ServersCA.pem)
    • Password is written in a file named p12pass.txt

    Command to execute:

    openssl pkcs12 -export -out swpapa.p12 -inkey private.key -in swpapa.pem -certfile ServersCA.pem -passout file:p12pass.txt

    This generates the output swpapa.p12
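
A pre-import check for a bundle built with the command above, as an added example that is not part of the original thread or of Zyxel's documentation. It builds a throwaway CA and certificate (constructed subject names and password, 2048-bit keys throughout), creates the .p12 with the same command form, then checks that the key matches the certificate, that the bundled CA verifies the leaf, and which MAC and encryption algorithms protect the file. The function names are assumptions of this example, and the thread does not establish what the XMG1915 rejects.

```shell
#!/bin/sh
# Added example: pre-import checks on a PKCS#12 bundle; names and password are constructed.

# Build a throwaway CA and leaf, then bundle them with the command form from the post.
make_demo_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=Demo Servers CA" \
        -keyout "$d/ca.key" -out "$d/ServersCA.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=switch.example.test" \
        -keyout "$d/private.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ServersCA.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -sha256 -out "$d/swpapa.pem" 2>/dev/null || return 1
    printf '%s\n' 'demo-pass' > "$d/p12pass.txt"
    openssl pkcs12 -export -out "$d/swpapa.p12" -inkey "$d/private.key" \
        -in "$d/swpapa.pem" -certfile "$d/ServersCA.pem" -passout "file:$d/p12pass.txt"
}

# MAC and encryption algorithms protecting the bundle (they vary by OpenSSL version).
p12_algorithms() {
    openssl pkcs12 -info -noout -in "$1" -passin "file:$2" 2>&1 |
        grep -E '^(MAC:|PKCS7 Encrypted data:|Shrouded Keybag:)'
}

# Number of certificates in the bundle (leaf plus chain).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if the bundled private key belongs to the bundled leaf certificate.
p12_key_matches_cert() {
    cert_pub=$(openssl pkcs12 -in "$1" -passin "file:$2" -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the leaf verifies against the CA certificates carried in the bundle.
# -partial_chain lets a bundled intermediate act as the anchor when the root is absent.
p12_chain_verifies() {
    t=$(mktemp -d) || return 1
    openssl pkcs12 -in "$1" -passin "file:$2" -cacerts -nokeys -out "$t/ca.pem" 2>/dev/null &&
        openssl pkcs12 -in "$1" -passin "file:$2" -clcerts -nokeys -out "$t/leaf.pem" 2>/dev/null &&
        openssl verify -partial_chain -CAfile "$t/ca.pem" "$t/leaf.pem" >/dev/null 2>&1
    rc=$?; rm -rf "$t"; return $rc
}

# Demo on a constructed bundle; the temp dir (with its demo key) is removed afterwards.
w=$(mktemp -d) && make_demo_p12 "$w" && p12_algorithms "$w/swpapa.p12" "$w/p12pass.txt"
rm -rf "$w"
```

To check a real bundle, call the `p12_*` functions with the path to the .p12 and the password file, for example `p12_key_matches_cert swpapa.p12 p12pass.txt`.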