Hi guys,

I'm trying to install a certificate I've gotten via startssl, I performed a CSR via my router and have generated the 2048 bit certificate from startssl and it looks perfectly fine.

However, when I attempt to install it as a local certificate I get:

Upload Fail ...
Imported Certificate too big. Try again!!!!!!!!!!

This is on Draytek Vigor 2925N. (3.8.0.1)

Also, I've noticed for my SSL VPN that it's using TLS 1.0. Is there anyway to enable/disable specific hashing algorithms and to force it to use TLS 1.2 instead of TLS 1.0?

Thanks.

Same problem here.

http://www.forum.draytek.co.uk/viewtopic.php?f=2&t=20171

I get the same thing I've reported it to draytek as a bug so we'll see if they can fix it. I think it's because startssl puts both the sub-domain and the domain into the certificate.

3.8.2.2 now lets you import StartSSL certificates.

Only available at draytek.com.

Works for me....

I have also just installed a StartSSL certificate and this is working fine on my 2860n running 3.8.2.2.

However, I want to disable the ability to use HTTP to manage the router and only use HTTPS. I have deselected HTTP in the LAN Access Control section and restarted the router. It seems that HTTP is still working even thought it is deselected.

Anyone have any ideas how to disable HTTP access and use HTTPS only? Is this a bug in the 3.8.2.2 firmware?

Does anyone know of, or can some kind person please provide, a step-by-step instruction on how to generate a signed certificate suitable for use securely identifying an https or SSL VPN connection for a vigor 2860 which is 'gateway.somedomain.co.uk' where I have control of somedomain.co.uk? I mean to the level of what information goes in what field of the various web pages, and how I should go about using StartSSL or Letsencrypt to sign the certificate.