ZyXEL SecuExtender on Mac OSX Import Certificate greyed out
Ally Member
I have to install vpn client on a MAC, but if I want to import the (selfsigned) certificate (PEM → User certificate → certificate.crt) the OK button stays greyed out. On WIndows SecuExtender never had this problem. What am I doing wrong?
Accepted Solution
-
Thank god we have Microsoft Windows!
I asked Thegreenbow(manufacturer of SecuExtender) and they advised me to first create the profile on WIndows, export it and then import it on MAC OSX. This seemed to work surprisingly. Now I can hopefully remove that Apple from my desk for a long time.
0
All Replies
-
Hi @nielsscheldeman ,
To better assist you, could you please provide:
- Your macOS version
- Your SecuExtender version
- A video recording of the certificate import process
If possible, please also share your self-signed certificate so we can try to reproduce the issue.
0 -
Video is via Wetransferlink:
0 -
Ok, so I got further, but still not far enough. If I export certificate with key, then I can import it on the MAC. Even better, the VPN connects! Hooray, all set, called client with the good news.
…
Until saving the configuration. The certificate disappears? How? Why? Why doesn't saving the config, saves the certificate? Is this something with rights on OSX?
If I create a dummy TLS and import certificate in there, then it does save…
0 -
Hi @nielsscheldeman ,
- Method 1 - Recommended Approach:
We strongly recommend using the "Get from Server" method to obtain the IKEv2 configuration file on your Mac system. This approach bypasses the need for manual certificate importation and helps avoid security setting complications from Mac system.
- Method 2 - Manual Certificate Import - your initial approach:
If you need to manually import the certificate in SecuExtender on Mac, you need follow these steps:
1/ Import the certificate into your Mac through the "Keychain Access" software and "Trusted" it
2/ Under SecuExtender > Certificate, select the certificate
0 - Method 1 - Recommended Approach:
-
Method 1 isn't possible. VPN Tunnel is created long time ago and is in use for many Windows users which works fine. Since it isn't done by Wizard, I can't export OSX config(correct me if I'm wrong)
Method 2: imported (self signed) certificate in keychain works if I don't export certificate from FLEX with password. If I export with password, it always says password is wrong, in SecuExtender the password is accepted.
So it is now imported, but I don't see it in SecuExtender. I can only import it if I set password on the certificate(opposite way of keychain). I go to Certificate, Import Certificate, P12 format, select certificate. VPN works!
Now save config, certificate is gone and VPN won't work anymore.
0 -
Thank god we have Microsoft Windows!
I asked Thegreenbow(manufacturer of SecuExtender) and they advised me to first create the profile on WIndows, export it and then import it on MAC OSX. This seemed to work surprisingly. Now I can hopefully remove that Apple from my desk for a long time.
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 155 Nebula Ideas
- 105 Nebula Status and Incidents
- 5.9K Security
- 320 USG FLEX H Series
- 286 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 256 Service & License
- 399 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 78 Security Highlight
