The SSL cert is regenerated upon reboot of the ZS router.
This causes problems when used with browsers that cache the cert.
Suggest an option in the cert gen screen —
[ ] Preserve cert (do not regenerate) OR
[ ] Regenerate cert on reboot
Either way, with new secure browsers or with security-aware proxies the regeneration causes problems. The cert is cached and later access (after a router reboot) causes the cert to be invalid. This is a bad thing.
There is two cases in which the default certificate is automatically renewed at boot time:
– the certificate is expired or manually revoked. This is not a problem because the certificate has a validity of 1 year. If the certificate, instead, is continuously renewed your system has not the RTC battery to keep the system time.
– If you add, remove and change an IP address, at next boot, the default certificate will be updated in the section:
X509v3 Subject Alternative Name:
DNS:test.example.com, IP Address:192.168.0.75, IP Address:192.168.1.75, IP Address:192.168.250.254, IP Address:192.168.22.75, IP Address:192.168.33.75, IP Address:192.168.100.75, IP Address:192.168.4.75, IP Address:192.168.101.75
These are a useful features not bugs. If you do not like, just manually create or import a certificate and use it instead of the default auto created one.