USG60 - SSL VPN conect but "this connection is untrusted"
All Replies
-
The default SSL certificate of the device is signed by the device, so it's "untrustable" as default.The message says something like "hey, i cannot recognize this certificate". As your browser do if you don't put up an exception.1
-
Where and how can an exception be set?Does the current status affect the security of the connection or not?I tried to download the device certificate and upload it to the PC, but no change.
Thanks
0 -
A way might be install a public validated certificate to the device. Another (never tried) way is tell to Windows correctly (is often utterly user unfriendly) to consider trustworthy the certificate (and maybe also the certification authority).Does the current status affect the security of the connection or not?
Tough question... As encryption between your computer and the firewall the security level is equal.
If you can remember the data presented to you by SSL VPN application and compare it time to time if it's the same, the security of the connection won't change compared to a validated certificate or defining the certificate (and maybe the CA) trustworthy from your computer.
However... if you don't take care on what it's proposed to you and someday change... and you don't get it. Well... Something "non that nice" might be happening and you will not be aware of.Last but not least: the "guru" thing is due only to the number of posts. I'm not considering myself a guru and what you read are my personal opinions.
0 -
Papa said:Where and how can an exception be set?Does the current status affect the security of the connection or not?I tried to download the device certificate and upload it to the PC, but no change.
ThanksHi @PapaWelcome to Zyxel’s community. Just as mMontana mentioned, the default certificate is signed by the Zyxel device itself rather than the organization that is trusted by the browser, so it would appear “this connection is untrusted” message.
Please refer to the below description from Google Chrome Help.
But if, you would like to establish a secure connection while login the device Web-GUI from lan1 interface 192.168.1.1, you could refer to the below steps:
2.Configuration > System >WWW> Server Certificate change to “zyxel.local”.
3. Configuration > System > DNS > to add an address record FQDN “a.zyxel.local” with IP address 192.168.1.1.
4.To import the certificate “zyxel.local” to PC.
To check the managed certificates via Chrome browser.
5. To clean browser cache and close Chrome browser.
6. To Open Chrome browser.
7. The PC connects to LAN1 and enter the URL https://a.zyxel.local on Chrome browser and you would see the connection is secure, as below:
If you view the certificate, you will find its DNS name is a.zyxel.local, as below:
See how you've made an impact in Zyxel Community this year!
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 150 Nebula Ideas
- 97 Nebula Status and Incidents
- 5.7K Security
- 268 USG FLEX H Series
- 273 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 389 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
