1 about the certificate not trusted log, Figure 283 myzyxel.com: download center – ZyXEL Communications 5 Series User Manual

ZyWALL 5/35/70 Series User’s Guide

Chapter 30 Logs Screens

505

30.2.1 About the Certificate Not Trusted Log

myZyXEL.com and the update server use certificates signed by VeriSign to identify
themselves. If the ZyWALL does not have a CA certificate signed by VeriSign as a trusted
CA, the ZyWALL will not trust the certificate from myZyXEL.com and the update server. The
ZyWALL will generate a log like "Due to error code(11), cert not trusted: SSL/TLS peer
certif..." for every time it attempt to establish a (HTTPS) connection with myZyXEL.com and
the update server. The V4.00 default configuration file includes a trusted CA certificate signed
by VeriSign. If you upgraded to ZyNOS V4.00 firmware without uploading the V4.00 default
configuration file, you can download a CA certificate signed by VeriSign from
myZyXEL.com and import it into the ZyWALL as a trusted CA. This will stop the ZyWALL
from generating this log every time it attempts to connect with myzyxel.com and the update
server.

Follow the steps below to download the certificate from myZyXEL.com.

1 Go to http://www.myZyXEL.com and log in with your account.

2 Click Download Center and then Certificate Download.

Figure 283 myZyXEL.com: Download Center

3 Click the link in the Certificate Download screen.

notes

The ZyWALL blocked the packet.

message

The ZyWALL blocked the packet in accordance with the firewall’s default policy of blocking
sessions that are initiated from the WAN. “UDP” means that this was a User Datagram
Protocol packet. “W to W/ZW” indicates that the packet was traveling from the WAN to the
WAN or the ZyWALL.

Table 163 Log Description Example

LABEL

DESCRIPTION