 jdmtPremium join:2002-05-06 Seattle, WA | How to regenerate Self Signed default certificate on USG?
I have an unusual issue...after I did a firmware recovery on my USG200 (what a pain, but that's a story for another day), I noticed that the clock on the unit was set for April 2015. Easy enough to fix, but unfortunately, the auto-generated self-signed certificate has a 'valid from' date of, you guessed it, April 2015!
As a result, all of my VPN end points, which use certificate authentication, no longer authenticate due to an invalid certificate error. I called ZyXEL tech support and they had seen this before and evidently there is a CLI command to RE-generate the self signed cert. Unfortunately, the one guy who knows how is out.
Anyone out there know the secret solution to this issue? |
|
 BranoI hate VogonsPremium,MVM join:2002-06-25 Burlington, ON kudos:3 | USG200 CLI manual page 267
»ftp://ftp.zyxel.com/ZYWALL_USG_200/cli···00_4.pdf |
|
 jdmtPremium join:2002-05-06 Seattle, WA | Thanks Brano. I did see that but was worried about all of the required parameters that don't appear in the auto-generated cert. I was under the impression that there was a specific command to re-create the default certificate that would replace the bad one directly. |
|
 BranoI hate VogonsPremium,MVM join:2002-06-25 Burlington, ON kudos:3 | Why can't you generate a new self-signed cert from the GUI? ...somehow I assumed that's not an option for you. But why? |
|
 jdmtPremium join:2002-05-06 Seattle, WA | Same reason, there are many options to configure and I'm not sure how to duplicate the format of the default cert...don't want to mess anything up.
I did figure out a workaround though, as follows:
1. Back up startup_conf
2. Rename the bad certificate from "default" to something else
3. Restore the backup of startup_conf
4. Reboot device
The restore of startup_conf after renaming the bad cert restores the original object reference to the "default" cert which no longer exists, since you renamed it. The ZyWall then recreates it for you. In and done! |
|