Switch TSW202 - no way to manage certificates

Hello.

I have the TSW202:

  • Firmware version TSW2_R_00.01.02
  • Kernel version 5.10.142

Any idea why there is no System > Administration > Certificates section like in the TRB140 device for example?

In the TRB140 my Web GUI certificate expired and I was able to replace it via the Certificates section, but the switch does not seem to have any such page.

What happens after the default HTTPS certificate expires? Are you planning to add this section there as well?

Thanks

Hello,

No need to worry. These certificates are valid for at least 2 years. The certificates section in System → Administration → Certificates is designed for VPN and similar certificates. Since TSW series switches are just switches and don’t perform routing or VPN functions, there’s no need for certificates in this case.

Best regards,

Marijus

Hi. Okay but is there a way to change the Web UI certificate at all, for example somehow via SSH? Because in a few years the certificate will expire, and unless a new certificate is automatically generated and put in place (which I don’t think is the case, since on the TRB140 I had to change it myself) then it will stay expired.

Which won’t affect the functionality of the switch as you say, but will look kind of odd at least. Imagine a scenario where these devices would be installed for a customer and in a year or two they would discover that their browser shows a certificate error on the login page.

Hello,

Yes, it’s possible to change certificates via SSH because you can connect to it like any other Linux operating system.

Best regards,

Marijus

Hello,

alright, sounds good then. Looks like one of these files could be replaced with a new cert maybe? Perhaps with this procedure? https://www.baeldung.com/linux/ca-certificate-management

# find / -name "*crt*"
/etc/rms_mqtt/RutOS@teltonika.lt.crt
/etc/ssl/certs/ca-certificates.crt
/etc/uhttpd.crt
/overlay/upper/etc/uhttpd.crt
find: /proc/5382: No such file or directory
/rom/etc/rms_mqtt/RutOS@teltonika.lt.crt
/rom/etc/ssl/certs/ca-certificates.crt

# find / -name "*pem*"
/etc/TN_RUT_FOTA_CA.pem
/etc/cacert.pem
/etc/ssl/cert.pem
/rom/etc/TN_RUT_FOTA_CA.pem
/rom/etc/cacert.pem
/rom/etc/ssl/cert.pem
/tmp/certificate.pem

Would you please maybe consider putting a manual how to do this on your Teltonika wiki? I can attempt to try to figure out how to do it myself but I would hate to brick my device. Other users may ask the same questions in the future as well.

Thanks for your time

This topic was automatically closed after 15 days. New replies are no longer allowed.