XII. Firewall/Security Features
ExpiredHow to regenerate the router's Self-Signed Certificate
DrayTek routers that support SSL VPN each have a self-signed certificate that is unique to the router and is used for identification purposes to secure HTTPS and SSL VPN access. This is to reduce the risk of man in the middle and other HTTPS impersonation attacks.
The router has a facility to create its own personalised Self-Signed certificate for HTTPS and SSL VPN usage.
To do this, go to either of these two locations (varies by model)
- [System Maintenance] > [Self-Signed Certificate]
- [Certificate Management] > [Self-Signed Certificate]
On the Self Signed Certificate page, click the Regenerate button:
This brings up the settings for regenerating a certificate. The details specified here will be included in the generated certificate and are used to identify the router.
In this example, the certificate has a Domain Name specified and the CN (Common Name) matches it. This does not need to be a legitimate domain or hostname, so this is set as "draytek.router".
The Country value must also be set to proceed, so set this to "GB".
If your router has options for it, make sure that the Key Type is set to "RSA" and that the Key Size is "2048".
Click Generate to create the new certificate.
The router will then pop up this warning message, click OK to proceed:
After about a minute, the router will then show the new certificate information on the Self-Signed Certificate page:
This new certificate can now be used for SSL VPN and web authentication by selecting it from the [SSL VPN] > [General Setup] page, by selecting the "self-signed" Server Certificate and clicking OK to apply it.
- First Published: 21/11/2019
- Last Updated: 22/04/2021