Knowledge Base

How to import a third-party certificate into USG?


I have purchased a third-party certificate from Internet, how can I import this certificate and use it as my USG's certificate?


To import a certificate into USG, two certificates are required. The first one is called the ROOT certificate, and it confirms the identity of the authority certificate organization. The second certificate is purchased by the customer, and is referred to as the purchased_certificate. We will use a Windows Server 2008 acting as a CA server to assign the purchased_certificate to the USG. In this scenario, Windows 2008 is the third-party organization.


Step 1. Get the ROOT certificate file from the third-party organization and import it into USG trusted certificates. 

In Configuration > Object > Certificate > Trusted Certificates > Import.





Step 2. Add a request-certificate, then USG will create a REQ type certificate.
In Configuration > Object > Certificate > My Certificates > Add
Step 3. After generating the REQ type certificate, double click it and copy the Certificate in PEM (Base-64) Encoded Format.
Step 4. Provide the Certificate in PEM (Base-64) Encoded Format to the third-party organization to obtain the customer purchased certificate.
Step 5. In the GUI under My certificate, import the purchased certificate. The former REQ type certificate will change to CERT type.
Step 6. Change the Configuration > System > WWW > Server Certificate, from default to the purchased certificate name.
Please note that the steps outlined above may differ when using third-party process. The USG requires, one ROOT certificate in Trusted Certificates to authenticate the third-party organization and one purchased certificate in My Certificates.


Please download the USG's certificate from "My Certificates". Import the certificate into your browser's Personal pool and import the ROOT certificate into Trusted Root Certification Authorities pool of your browser.


Double click the new purchased certificate and fill in the password then select Export Certificate with Private Key




Before importing the certificate into your browser, you will see the following (or similar) page when accessing the USG's web GUI.





After importing the purchased certificate, you will see a lock icon in the URL bar. The page will resemble the following figure.


Please leave your comment:


Question Profile

TYPE:Application / Configuration Example
MODEL:ZYWALL USG 100,ZYWALL USG 1000,ZYWALL USG 20 (view more model name)

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support