dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
810
share rss forum feed


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

USG internal storage wipe

I've managed to create self-signed CA with blank common name and USG did successfully import it.
Now however the ca daemon is dying with core dump and I can't delete the certificate neither from GUI or CLI.

How can one reset the USG to factory defaults with internal storage wipe?
The 'normal' factory reset keeps all conf files and certificates in tact, I need to wipe them.



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2

Create another certificate and delete the one old one.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

No can't do. Because the CN of the certificate is blank, neither the GUI or CLI shows the certificate (GUI freezes, CLI shows coredump) thus I can't delete it.



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2
Reviews:
·Frontier Communi..

1 edit

Interesting - Haven't looked yet, but can you download the config and delete it their and then restore that config to the router?

Edit - Just reviewed a backed up config file, it that won't work either.

Had you tried a reset using the reset button.



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2

Curious if you were able to resolve the issue. If so, what did you have to do to resolve it?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Button reset only removes the startup-config.conf, doesn't wipe internal storage.

I have ticket open with ZyXel waiting for them to call me back.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

With help from ZyXel pointing me the right way, I was able to delete the offending certificate through FTP. All good now.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Care to write a how to or faq, so others who create a certificate with blank name have a way out........... ?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

It's very simple. Luckily the Trusted certificate store is available via FTP as cert/trusted directory

brano@droopy ~ $ ftp 192.168.10.1
Connected to 192.168.10.1.
220 FTP Server (ZyWALL USG 200) [::ffff:192.168.10.1]
Name (192.168.10.1:brano): admin
331 Password required for admin
Password:
230 User admin logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd cert/trusted
250 CWD command successful
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 root     root         1553 Jan 20 02:48 bad_cert.crt
226-Transfer complete
226 Quotas off
ftp> del bad_cert.crt
250 DELE command successful
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
226-Transfer complete
226 Quotas off
ftp> 
 


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Would you believe the ole trusted certificate via FTP trick.



Hank
Searching for a new Frontier
Premium
join:2002-05-21
Burlington, WV
kudos:2
reply to Brano

Excellent - Have to keep this in my notes. Thanks Brano