This document is provided as-is without any warranty. The author is and will not be responsible for any damages that may occur due to its use.

The management side of the Zyxel's GS1900 Ethernet switch series uses a Linux kernel in combination with a Busybox-based userland. By default only a Web interface is enabled for administration. HTTP over TLS (often called HTTPS) can be enabled, but neither the key nor the certificate can be configured via the web interface. This document describes how to install a custom RSA key and X.509 certificate on a Zyxel GS1900 series switch. The instructions were tested on a GS1900-24 model running firmware version “V2.00(AAHL.2)”.

The caveats of this approach is that the key as well as any passwords have to be transmitted via an unencrypted network connection. As of this writing the author is not aware of any other method, though. It may be sensible to connect directly to the switch rather than via any intermediate devices.

As usual a configuration backup should be made before starting. In case anything goes wrong and all configuration interfaces become unavailable the switch has to be restored to factory defaults.

Enable Telnet and acquire root shell

Jan Tore Morken has documented how to enable the Telnet daemon. I'm reproducing the important steps:

Install RSA key and X.509 certificate via Telnet

The author used a variation of the command shown below to generate a new RSA key with a length of 4096 bits and a self-signed certificate with a validity of one year. The key and certificate should be generated on a separate machine as the version on the switch is very old. Naturally a certificate signed by a certificate authority (CA) may also be used.

$ openssl req -batch -x509 -nodes -newkey rsa:4096 -days 365 \
  -keyout switch.key -out switch.pem -subj '/CN=switch.domain.tld'

On the switch the key and certificate are stored in /mnt/ssh/ssl_key.pem and /mnt/ssh/ssl_cert.pem respectively. There are only few programs available in the userland. There is no text editor at all. Instead files have to be written using cat. When the root shell is opened as described before ^D (Ctrl-D; end of file) does not work. Fortunately it can be enabled using stty.