dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
671
share rss forum feed

u475700
Premium
join:2004-02-16
Reviews:
·Callcentric
·Comcast

Problem with remote administration using HTTPS

I have two older ZyWALL units, 2X and 2 Plus, both of which I can no longer access remotely using HTTPS. I previously didn't have any such difficulty with either of them but it's been probably more than a year than the last time that I last tried. I can see in the log that the access for TCP port 443 was permitted.

I subsequently discovered that the CA, root_middle and root_zyxel certificates have all expired. Would this prevent HTTPS from being used for remote administration?



aes128

join:2003-12-19
Saint Clair Shores, MI

1 recommendation

This happened to me on my old 2 Plus. You need to create a new Cert on the box and activate it as the local cert else HTTPS will not work.

I used https inside my net and at first thought the box was hung so I rebooted it and of course, that did not help. Then I tried http, this worked and I created a new cert and all was well again. Won't happen again though as I use a USG50 now.


u475700
Premium
join:2004-02-16
Reviews:
·Callcentric
·Comcast

1 edit

1 recommendation

reply to u475700

I just opened case number 150916 with ZyXEL support. They presumed that the latest firmware upgrade 4.04(XU.11)C0 dated 02/09/11 per the release notes also included new certificates.

I also loaded the default ROM included with this firmware but those certificates are also expired.

There is a CA certificate available from the download center. However, that one expired in 2010.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

So are you saying that you can't simply generate new self-signed certificate for the ZyWall?
What specific error do you get when you try to do that?


u475700
Premium
join:2004-02-16
Reviews:
·Callcentric
·Comcast

1 edit

No, I'm able to generate a new self-signed certificate. However, whenever I attempt to access the Zywall via HTTPS from either the LAN or WAN, I now receive the message "Internet Explorer cannot display the webpage."

I verified that Server Access for HTTPS in Remote Management was configured properly to allow this.

Before this problem arose, I normally received a warning that the certificate was not authenticiated, which I would just override and proceed to the logon page.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 recommendation

In Remote Management -> WWW -> HTTPS you need to change the server certificate to the newly generated one. Are you saying you did that and still no go?
Did you clear the browser's cache?

Also, are you using "Authenticate Client Certificates" ? if yes, then you need to re-generate your certificate.


u475700
Premium
join:2004-02-16
Reviews:
·Callcentric
·Comcast

1 recommendation

Thank you Brano for solving this for me!!! Although I regenerated a new self-signed certificate, Server Certificate still reflected the original one. After I changed to the new one, I now receive the usual warning message about the unauthenticated certificate and then can proceed to login.



Gork
Ou812ic

join:2001-10-06
Bountiful, UT

(Brano's kind of a miracle worker around here...)



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 recommendation

No kidding, boggles my mind why someone in the upper stratospheres of this forum AKA any mods not in a continuallly drugged stupor, have not elevated him to super MVM let alone MVM.


Kirby Smith

join:2001-01-26
Derry, NH
reply to u475700

First, we have to uncover the long covert SYNACK.