dave08  Freshman Member

Ok, so I have a solution but it won't allow me to access SSL configurations through Control Panel. I had to copy my CSR.p10 again to /etc/zyxel/cert. I had removed it from there because last year I had to erase all files except default.cer and default_key.cer (under the folder named "key"). Then I can access the SSL web…

By importing the certificate via browser, it was finally identified as valid after a reboot. It got copied automatically to /etc/service_conf. Nevertheless, I new default.cer and default_key.cer were generated after the reboot, so I get the usual "http 500 error" problem when accessing the SSL options in the control panel.…

I've created a new Certificate request via web interface. Got it signed by Sectigo, installed the new certificate and key as before and rebooted. The NAS keeps generating a new self signed request. Maybe the firmware upgrade broke something, I don't know.

Thanks, Yes, I've been "looking into it", actually using the same command. My approved certificate shows the correct CN field. Isn't it strange that another approved certificate (installed on another server) causes the NAs to regenerate another self signed one?

Modifying the last byte of the self generated certificate and restarting with /etc/init.d/httpd.sh also works. After stopping, a few seconds later it starts again by its own.

After installing a working certificate for another server in this NAS, the restart also won't work anymore. I could not find logs anywhere, so far.

Thanks for the reply. Apparently it does not fail when using the self generated certificate (4096bits) After stopping/restarting with /etc/init.d/httpd.sh I get 3 more lines like the following /usr/sbin/httpd -f /etc/service_conf/httpd.conf /etc/zyxel/cert # ps | grep http 1989 root 9888 S /i-data/.system/zy-pkgs/pkg_httpd…

Http related processes before trying a /etc/init.d/httpd.sh restart /etc/zyxel/cert # ps | grep http 2533 root 9888 S /i-data/.system/zy-pkgs/pkg_httpd -f /etc/pkg_service_conf/httpd2.conf 2637 nobody 11544 S /i-data/.system/zy-pkgs/pkg_httpd -f /etc/pkg_service_conf/httpd2.conf 2638 nobody 11544 S…

After stopping httpd with /etc/init.d/httpd.sh stop I can't start it again. Also tried to stop pkghttpd.sh and davhttpd.sh and then httpd.sh but still no result. Couldn't find documentation yet about starting these processes manually.

Thanks for the reply. My NAS326 doesn't have a /sbin/zyshd . I didn't know /etc/zyxel was volatile…interesting. As for the certificates, they are exactly as they intended: I had checked them already with openssl x509 -in…The DNS name is ok, it is the same type as the self generated but 2048 bits instead of 4096 as the self…

Run e2fsck -n /dev/md2 and rebooted. Now dmesg only shows: EXT4-fs (md2): error count: 209 EXT4-fs (md2): initial error at 1574712239: ext4_mb_generate_buddy:755 EXT4-fs (md2): last error at 1711622074: htree_dirblock_to_tree:920: inode 156872721: block 1254626161 after the reboot, both certificates at /etc/zyxel/cert and…

I'm sorry, but didn't find anything related in dmesg after copying the certificate and key. Nevertheless, I've found: EXT4-fs (md2): error count: 208 EXT4-fs (md2): initial error at 1574712239: ext4_mb_generate_buddy:755 EXT4-fs (md2): last error at 1711109576: htree_dirblock_to_tree:920: inode 156311586: block 1250431372…

Checking /etc/init.d/httpd.sh I found the script checks for existing /etc/service_conf/CA.cer and CA_key.cer. If they do not exist, it copies them from /etc/zyxel/cert. I overwrote both certificate and key at these two locations, rebooted, but nevertheless they are rewritten upon reboot. Any ideas, please?

Thanks for the reply. Unfortunately, the new one is the same type and size.