alokeprasad
Jan 04, 2021, Mentor
HTTPS access to the web interface.
Do the RBR50 and RBS50 accept HTTPS and HTTP connections from my devices on my LAN? Chrome is warning me that the CA root certificate issued to www.routerlogin.net is invalid. "This CA Root cert...
schumaku
Jan 04, 2021, Guru - Experienced User
Well, go over the exceptions and accept... this is it.
alokeprasad
Jan 04, 2021, Mentor
OK to accept a cert with uncertain chain of authenticity?
How do we know that the cert wasn't compromised and would allow a man-in-the-middle attack?
NG should distribute valid certificate with the firmware...
- alokeprasad, Jan 04, 2021, Mentor
I see that this has come up before. No progress since then ...
https://community.netgear.com/t5/Orbi/Why-isn-t-ORBI-Login-Secure/m-p/1812545/highlight/true#M72955
- schumaku, Jan 04, 2021, Guru - Experienced User
alokeprasad wrote: OK to accept a cert with uncertain chain of authenticity?
How do we know that the cert wasn't compromised and would allow a man-in-the-middle attack?
The typical question of people who have not much idea what is required to have no questions asked just showing a "lock" in the browser, just citing some wonderful warnings ...
It's the standard problem when using self-signed certificates. Blunt theory, before accepting the exception you must compare the certificate signature with the one shown. If it's the same, a MITM is unlikely. And of course, as it's a self-signed certificate, there can't be a chain to a root trusted by all your browser makers...
Have your own DNS, your own domain (these two would allow letting a public CA sign your certificate), in case of a local domain your own PKI (certificate authority) with all the infrastructure required to operate a CRL and OCSP and having this integrated with all your browsers and mobile devices? Then you could request Netgear adding a feature to run a CSR to be signed by your CA.
alokeprasad wrote: NG should distribute valid certificate with the firmware...
Well, two possible answers.
- Netgear did ... they had a nicely signed certificate in place, the "lock" came up when using e.g. https://orbilogin.com/ ... needless to say this required including the (same) private key, and it broke the CA legal requirements.
- What would you suggest?
Where should this intruder be in a home network where all clients connect to the Orbi system wirelessly or over more or less direct wired network connections?
- alokeprasad, Jan 04, 2021, Mentor
Sure, self signed certs are a problem for external web sites and less so for sites (like the router interface) on this side of the NAT.
But there can be malware like trojans that can get on the LAN and change the DNS entries or other aspects of the router settings.
If NG's self signed certs are leaked, the certs cannot be revoked by the usual signing authorities.
Couldn't NG provide valid certs (signed by CA authorities) through firmware updates?
- schumaku, Jan 04, 2021, Guru - Experienced User
Paranoia inside?