Posts Tagged ‘root certificate’

The difficulties of installing an SSL certificate on a ZyXEL ZyWall USG 300 firewall (if even possible!)

Having spent some time trying to install an SSL certificate from a trusted certification authority on this product, I felt I should share my findings as they might save someone else the headaches and time I had to spend on this.

For reference I used a ZyXEL ZyWall USG 300 with Firmware version: 2.20(AOE.6) / 1.11 / 2011-10-05 11:51:34

I assume this information is the same for pretty much all versions of ZyWall products, but I can not confirm this from own testing as I only had access to one edition.

About Intermediate SSL certificates

All certificates today that want to enjoy the WebTrust approval must use intermediate issuing certificate authorities, this means that a root certificate is no longer allowed to directly issue server certificates for customers. This makes good sense security wise, as it is much harder for a hacker to gain access over the root certificate when it is not online and in case of a compromise, it should be sufficient to close the intermediate, without having to “remove/uninstall” the root from every client in the world.

So most professional products around that uses SSL certificates must be able to install both a server certificate and the intermediate issuing certificate, because the client only knows the root certificate, it needs the server to give it both.

Installing SSL certificates on ZyXEL ZyWall USG 300 (the good part)

Go into Configuration -> Object -> Certificate

Some things to have in mind when installing Read the rest of this entry »

Getting root certificates into your Windows Mobile without using a chain saw

Getting SSL root certificates into mobile phones, has always and still is a hastle. My personal advice to people trying to use a server certificate on mobile phones, for example for e-mail, is very simple. But before I go more into that.. The reason I came on to this subject, was because a friend asked me if I knew of an easy way to put your own root certificates into mobile phones. I didnt when he asked, but I just found a nice guide explaining how to, for Windows Mobile phones – yes each type needs it’s own way of installing – sigh.

The guide can be found on two Swedish IT consultants Blog (Yes I am swedish – No it’s not me), I find it worrying how many posts include stuff I work with as well, including some info about my beloved WRT54GL that I am pondering swapping with something faster soon. The blog post about how to install Root SSL certificates on Windows Mobiles, with a CAB setup file, and a simple XML format can be found here: http://poweradmin.se/blog/2009/11/15/smooth-root-certificate-deployment-for-mobile-devices/

Back to my personal advice on how to get root certificates on mobile phones. Read the rest of this entry »