improper certificate regeneration on reboot


This topic contains 0 replies, has 0 voices, and was last updated by  wbschindler 10 years, 7 months ago.

  • #41185

    wbschindler
    Member

    The SSL cert is regenerated upon reboot of the ZS router.

    This causes problems when used with browsers that cache the cert.

    Suggest an option in the cert gen screen —

    [ ] Preserve cert (do not regenerate) OR

    [ ] Regenerate cert on reboot

    Either way, with new secure browsers or with security-aware proxies the regeneration causes problems. The cert is cached and later access (after a router reboot) causes the cert to be invalid. This is a bad thing.

    #46918

    imported_fulvio
    Participant

    There are two cases in which the default certificate is automatically renewed at boot time:

    – The certificate is expired or manually revoked. This is not a problem because the certificate has a validity of 1 year. If, instead, the certificate is continuously renewed, your system does not have the RTC battery to keep the system time.

    – If you add, remove and change an IP address, at the next boot, the default certificate will be updated in the section:

    X509v3 Subject Alternative Name:
    DNS:test.example.com, IP Address:192.168.0.75, IP Address:192.168.1.75, IP Address:192.168.250.254, IP Address:192.168.22.75, IP Address:192.168.33.75, IP Address:192.168.100.75, IP Address:192.168.4.75, IP Address:192.168.101.75

    These are useful features, not bugs. If you do not like them, just manually create or import a certificate and use it instead of the default auto-created one.

    Regards
    Fulvio
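
The two boot-time renewal triggers described in the reply above, sketched as an added example (not the router's own code and not written by either poster). The function names, the validity dates and the assumption that a lost system clock shows up as a time before `notBefore` are all illustrative; only the SAN line comes from the post.

```python
import ipaddress
from datetime import datetime, timezone

# SAN line as quoted in the reply above (openssl text form).
SAN = ("DNS:test.example.com, IP Address:192.168.0.75, IP Address:192.168.1.75, "
       "IP Address:192.168.250.254, IP Address:192.168.22.75, "
       "IP Address:192.168.33.75, IP Address:192.168.100.75, "
       "IP Address:192.168.4.75, IP Address:192.168.101.75")
# Constructed one-year validity window; the dates themselves are made up.
NOT_BEFORE = datetime(2014, 1, 1, tzinfo=timezone.utc)
NOT_AFTER = datetime(2015, 1, 1, tzinfo=timezone.utc)

def parse_san(line):
    """Split an openssl-style SAN line into (dns_names, ip_addresses)."""
    dns, ips = set(), set()
    for item in line.split(","):
        # partition() cuts at the first colon only, so IPv6 values survive.
        kind, _, value = item.strip().partition(":")
        if kind == "DNS":
            dns.add(value.lower())
        elif kind == "IP Address":
            ips.add(ipaddress.ip_address(value))
    return dns, ips

def renewal_reasons(san_line, not_before, not_after, current_ips, now):
    """Return why the default cert would be renewed at boot; [] means keep it."""
    reasons = []
    if now < not_before:
        # Assumption: a box without an RTC battery boots with an old clock,
        # so a still-valid cert looks "not yet valid" on every reboot.
        reasons.append("clock before notBefore (system time lost?)")
    elif now > not_after:
        reasons.append("certificate expired")
    _, cert_ips = parse_san(san_line)
    wanted = {ipaddress.ip_address(a) for a in current_ips}
    for ip in sorted(wanted - cert_ips, key=str):
        reasons.append(f"missing from SAN: {ip}")
    for ip in sorted(cert_ips - wanted, key=str):
        reasons.append(f"stale in SAN: {ip}")
    return reasons

if __name__ == "__main__":
    same = [str(a) for a in parse_san(SAN)[1]]
    mid = datetime(2014, 6, 1, tzinfo=timezone.utc)
    old = datetime(2000, 1, 1, tzinfo=timezone.utc)
    print(renewal_reasons(SAN, NOT_BEFORE, NOT_AFTER, same, mid))
    print(renewal_reasons(SAN, NOT_BEFORE, NOT_AFTER, same + ["10.0.0.1"], mid))
    print(renewal_reasons(SAN, NOT_BEFORE, NOT_AFTER, same, old))
```

An empty list is the case the original poster wants: same addresses, valid clock, certificate preserved across the reboot so pinned or cached copies keep matching.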
