ATP 200 SSL Inspection error

Options
Ceccus
Ceccus Posts: 24  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security

Hello,

on my ATP 200 I activated SSL Inspection.

After updating to MAC OSX 10.15 Catalina I get this error:

NET::ERR_CERT_WEAK_KEY

I use the default certificate.

With the previous version 10.14 it worked fine.

Browser : Chrome and Safari , latest version.

Is the problem due to this? 

https://www.macrumors.com/2019/06/06/apple-deprecates-sha1-macos-catalina-ios-13/

https://support.apple.com/en-us/HT210176

How to solve? Thanks

Regards

«1

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    edited October 2019
    Options
    Hi @Ceccus

    Welcome to the forum.

    I suspect you are right.
    So I recommend generating new certificates and upload them as the following KB explains:

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=003075&lang=EN

    I hope it helps.

    Regards

  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Thanks for the reply. 
    I think the problem is generalized and I also think that Zyxel should remedy by making a new certificate available

    Regards
  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    Hi @Ceccus

    Obviously Zyxel can recreate a new certificate, but I suppose it requires a device upgrade ... 
  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Thanks for the reply
    Firmware upgrade ... i suppose.

    Regards
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,315  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @Ceccus,

    Thanks for reporting. 
    It is confirmed as a bug. 
    We are working on fixing it. I will send the firmware to you for verification after the bug is fixed.
  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Thanks for the reply
    Thank you so much
    Waiting for the Fix

    Regards
  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Hi Emily,

    How long will the Fix be available?

    Regards

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,315  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Ceccus,

    We modify the format of entries in the certificate to satisfy the requirements of MacOS 10.15 and it is still under verification.

    I will update the test results in the near future.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,315  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Ceccus,

    The firmware is sent to you in the private message.

  • Ceccus
    Ceccus Posts: 24  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Hi,

    problem still open ... firmware slow in SSL Inspection.

    Any ideas ?

    Thanks

Security Highlight