Problem with remote administration using HTTPS
I have two older ZyWALL units, 2X and 2 Plus, both of which I can no longer access remotely using HTTPS. I previously didn't have any such difficulty with either of them but it's been probably more than a year than the last time that I last tried. I can see in the log that the access for TCP port 443 was permitted.
I subsequently discovered that the CA, root_middle and root_zyxel certificates have all expired. Would this prevent HTTPS from being used for remote administration?
Saint Clair Shores, MI
This happened to me on my old 2 Plus. You need to create a new Cert on the box and activate it as the local cert else HTTPS will not work.
I used https inside my net and at first thought the box was hung so I rebooted it and of course, that did not help. Then I tried http, this worked and I created a new cert and all was well again. Won't happen again though as I use a USG50 now.
|reply to u475700 |
I just opened case number 150916 with ZyXEL support. They presumed that the latest firmware upgrade 4.04(XU.11)C0 dated 02/09/11 per the release notes also included new certificates.
I also loaded the default ROM included with this firmware but those certificates are also expired.
There is a CA certificate available from the download center. However, that one expired in 2010.
BranoI hate VogonsPremium,MVM
So are you saying that you can't simply generate new self-signed certificate for the ZyWall?
What specific error do you get when you try to do that?
No, I'm able to generate a new self-signed certificate. However, whenever I attempt to access the Zywall via HTTPS from either the LAN or WAN, I now receive the message "Internet Explorer cannot display the webpage."
I verified that Server Access for HTTPS in Remote Management was configured properly to allow this.
Before this problem arose, I normally received a warning that the certificate was not authenticiated, which I would just override and proceed to the logon page.
BranoI hate VogonsPremium,MVMReviews:
In Remote Management -> WWW -> HTTPS you need to change the server certificate to the newly generated one. Are you saying you did that and still no go?
Did you clear the browser's cache?
Also, are you using "Authenticate Client Certificates" ? if yes, then you need to re-generate your certificate.
Thank you Brano for solving this for me!!! Although I regenerated a new self-signed certificate, Server Certificate still reflected the original one. After I changed to the new one, I now receive the usual warning message about the unauthenticated certificate and then can proceed to login.
(Brano's kind of a miracle worker around here...)
AnavSarcastic Llama? Naw, Just AcerbicPremium
No kidding, boggles my mind why someone in the upper stratospheres of this forum AKA any mods not in a continuallly drugged stupor, have not elevated him to super MVM let alone MVM.
|reply to u475700 |
First, we have to uncover the long covert SYNACK.