[USG Flex H] - Export the CA trusted certificate

Options
Maverick87
Maverick87 Posts: 138 image  Ally Member
First Answer First Comment Friend Collector
in USG FLEX H Series

Hello everyone,

I try to use the internal certificate functionality; I've tried to create a cert and download it, all works.

But, when I try to export the CA certificate from the "Trusted Certificates" tab, the downloaded file seems to be corrupted.

image.png image.png

Anyone that uses this functionality? Can you help me to export the CA cert?

Thank you

All Replies

  • zyman2008
    zyman2008 Posts: 244 image  Master Member
    50 Answers First Comment Friend Collector Eighth Anniversary

    Hi @Maverick87

    It's about the certificate file format.

    PEM format: Text-based (Base64 encoded)

    DER format: Binary

    Zyxel firewall exported format is DER.

    You need using tool to convert the format. (e.g. openssl or some online convert, https://certificatetool.com/ssl-converter/der/der-to-pem)

  • Maverick87
    Maverick87 Posts: 138 image  Ally Member
    First Answer First Comment Friend Collector

    Hi @zyman2008,
    OK but ….

    image.png

    Seems that the default name have ".CRT" into the file name; also the saving window show me only ".CRT" or "*.*" as filter.

    So, ok can be a DER file, but if not specified we cannot say it.

    @Zyxel_Melen could you checking for this?

    Thank you

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,388 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Maverick87 ,

    We are currently looking into this issue and will keep you updated as soon as we have any news.

    Zyxel_Judy

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,388 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Maverick87 ,

    It looks like you opened the .crt file as a text file after downloading it, which is why the contents appear as unreadable characters. Typically, on Windows, you can view the certificate correctly by double-clicking the file and Open button, which will display the proper issuer information.

    image.png

    To better assist you, could you share more details about what you're trying to accomplish with this certificate?

    Zyxel_Judy

  • Maverick87
    Maverick87 Posts: 138 image  Ally Member
    First Answer First Comment Friend Collector
    edited April 21

    Hi @Zyxel_Judy,
    teorically, a certificate can be opened with notepad.

  • PeterUK
    PeterUK Posts: 4,464 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    edited April 21

    so if you want the

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----

    you can double click certificate in FLEX H to view this and save in notpad

  • Maverick87
    Maverick87 Posts: 138 image  Ally Member
    First Answer First Comment Friend Collector

    Hi @PeterUK,
    OK so for the Trusted Certificate, the export is not in CRT format (but as explain some posts ago, why you should propose to save the cert in CRT format, but is not in CRT format?) but if I click on the certificate, I can take the BEGIN-END certificate and use it? Is the same things?

    Thank you

  • PeterUK
    PeterUK Posts: 4,464 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    yes

  • Maverick87
    Maverick87 Posts: 138 image  Ally Member
    First Answer First Comment Friend Collector

    Thank you @PeterUK

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)