rtr
Jan 27, 2017 · Tutor
FVS318N csr signed by Openssl intermediate CA not accepted
Hello all, I have a FVS318N router, firmware 4.3.4-2. I have generated a certificate signing request (CSR) from the firewall (SHA-1 + RSA2048). I have issued certificates: using openssl and my...
DaneA
Feb 19, 2017 · NETGEAR Employee Retired
rtr
Feb 20, 2017 · Tutor
Hello DaneA,
Thanks for the effort and answer.
Sadly the answer you had confirms what I feared: the certificate support is very much limited.
> 2. Answer: No, Currently our devices don’t have such setting Key usage/ extended key usage by which a single certificate can be made available only for SSL or only for IPSEC.
> 3. Answer: We do not have any OIDS support.
The Router Reference manual (April 2013, 202-10836-05), p316 (chapter: Manage Digital Certificates for VPN Connections):
"On the wireless VPN firewall, the uploaded digital certificate is checked for validity and
purpose. The digital certificate is accepted when it passes the validity test and the purpose
matches its use. The check for the purpose needs to correspond to its use for IPSec VPN,
SSL VPN, or both. If the defined purpose is for IPSec VPN and SSL VPN, the digital
certificate is uploaded to both the IPSec VPN certificate repository and the SSL VPN
certificate repository. However, if the defined purpose is for IPSec VPN only, the certificate is
uploaded only to the IPSec VPN certificate repository"
It would be good and fair to reissue an updated Reference Manual no longer containing that. The current product description and publicly available documentation are misleading.
The update could contain also "we don't support intermediate CA" as well. But I'm repeating myself.
> 4. Answer: No, we do not have this debug logs support by default in firmware.
I feel like I'm a pain - but you said "by default": does this mean that it could be somehow changed? I'm ok with the command line, should that be needed.
Or should I read "not possible at all, go away!"? :)
Bottom line: the setup I need to put in place is impossible to achieve with my FVS318N unless some firmware update will address the missing bits.
This looks rather unlikely to happen anytime soon...
Thanks!
Best regards,
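
Added example, not part of the posts above and not NETGEAR's procedure: a way to check with OpenSSL, off the device, that a certificate issued by an intermediate CA chains to the root and which purpose its key usage / extended key usage allows. The CA names, file names, serial numbers, the `serverAuth` restriction and the stand-in CSR are all assumptions made up for this sketch.

```shell
#!/bin/sh
# Constructed test PKI: root CA -> intermediate CA -> leaf limited to serverAuth.
# All names, lifetimes and file names below are made up for this example.
build_chain() {  # $1 = empty working directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
  # Self-signed root.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" \
    -extensions ca_ext -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Intermediate CA signed by the root, then a leaf signed by the intermediate.
  # The leaf CSR stands in for the one the firewall would generate.
  issue "$d" int  "Constructed Intermediate CA" root ca_ext   2 &&
  issue "$d" leaf "constructed-vpn.example"     int  leaf_ext 3
}

issue() {  # dir, name, CN, issuer name, extension section, serial
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
    -set_serial "$6" -days 30 -extfile "$1/pki.cnf" -extensions "$5" \
    -out "$1/$2.crt" 2>/dev/null
}

# Exit status 0 only if the leaf chains to the root AND is valid for the purpose.
verify_leaf() {  # dir, purpose (sslserver, sslclient, ...), [untrusted chain file]
  openssl verify -CAfile "$1/root.crt" ${3:+-untrusted "$3"} \
    -purpose "$2" "$1/leaf.crt" >/dev/null 2>&1
}

WORK=$(mktemp -d)
build_chain "$WORK" || echo "chain build failed"
verify_leaf "$WORK" sslserver "$WORK/int.crt" && echo "sslserver with intermediate: OK"
verify_leaf "$WORK" sslclient "$WORK/int.crt" || echo "sslclient: rejected (EKU is serverAuth only)"
verify_leaf "$WORK" sslserver || echo "sslserver without intermediate: rejected (issuer not found)"
```

Running `openssl x509 -in leaf.crt -noout -text` on the result shows the key usage and extended key usage values that the purpose check evaluates.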