ZyWALL 310 GUI dead after SSL Import

Gizmagis
edited April 2021 in Security

I have imported a wildcard certificate to the ZyWALL (256 - 2048) and it was accepted (pfx with password). However, when selecting this certificate for usage, the GUI dies completely and the ZyWALL is inaccessible from any browser, machine...

The only way is to log in via SSH and revert the certificate back to default.

Any idea?

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,062  Zyxel Employee

    Hi @Gizmagis

    Welcome to Zyxel community

    Import certificate files are limited.

    You cannot include multiple certificates (server, intermediate, root) in the same file.

    Here is a similar forum discussion for your reference.

    https://businessforum.zyxel.com/discussion/comment/1985#Comment_1985

  • Gizmagis

    Good morning Jerry,

    Thank you for your reply, but could you be so kind and help me out a little more? For 2 weeks I have been playing "ping pong email" with one of the ZyXEL agents about the certificates, and all I am getting is an unfriendly and unhelpful reply every single time.

    I am being told that 3rd party SSL certificates are not supported on USG if they have not been signed on USG, and that if I have one, I have to import the PFX into Trusted Certificates, not My Certificates. But under Trusted Certificates a PFX cannot be imported. Anyway, I have read the other thread but am not quite sure what to do with it. Could you please help me out with the steps: what to do and what to import where so that my SSL certificate is recognized and used for the HTTPS interface, VPN, etc.?

    I have: a PFX bundle with the private key and 3 separate files (crt): cert, intermediate and root.

    Thank you so much!

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,062  Zyxel Employee

    Hi @Gizmagis

    If you're using Linux utility tools, here is an example command line to separate the files:

    Export the private key and the certificate only (public key)

    private key:

    openssl pkcs12 -in test.pfx -nocerts -out test.pem -nodes

    public key:

    openssl pkcs12 -in test.pfx -nokeys -out test.crt

    To verify that the private key and the public key in the certificate match:

    Example:

    openssl x509 -noout -modulus -in test.crt | openssl md5 

    (stdin)= XXXX53825f966c1a533fc9a11XXXXXXX

    openssl rsa -noout -modulus -in test.pem | openssl md5 

    (stdin)= XXXX53825f966c1a533fc9a11XXXXXXX

    The stdin value should be the same.
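
The steps above as one script, as an added example that is not part of the original thread or Zyxel's own tooling. It writes only the leaf certificate (`-clcerts`) to respect the one-certificate-per-file limit mentioned earlier, and compares the public keys directly instead of an MD5 of the RSA modulus, so EC keys work too. The function names, output file names and the `PFX_PASS` environment variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example: function names, file names and PFX_PASS are assumptions.

# Number of PEM certificates in a file (the import accepts one per file).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# split_pfx IN.pfx PREFIX -> PREFIX.key (unencrypted) and PREFIX.crt (leaf only).
# The password is read from $PFX_PASS so it never appears in the process list.
split_pfx() {
    local pfx=$1 out=$2
    ( umask 077   # the key is written unencrypted: owner-only permissions
      openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
          -out "$out.key" ) || return 1
    # -clcerts keeps intermediate and root certificates out of the file
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts \
        -out "$out.crt" || return 1
}

# check_pair CERT KEY
# returns 0 = OK, 2 = not exactly one certificate, 3 = key does not match
check_pair() {
    local n c k
    n=$(count_certs "$1")
    [ "$n" -eq 1 ] || { echo "$1: $n certificates, expected 1" >&2; return 2; }
    # Both commands print the same PEM "PUBLIC KEY" block for a matching pair.
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || c=
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || k=
    # An empty value means a parse failure and must not count as a match.
    if [ -z "$c" ] || [ "$c" != "$k" ]; then
        echo "$2 does not match the certificate in $1" >&2
        return 3
    fi
}
```

Typical use: `export PFX_PASS=...; split_pfx test.pfx test && check_pair test.crt test.key`, then import the key and leaf certificate and handle the intermediate and root files separately.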
