NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jameyers4's avatar
jameyers4
Tutor
Aug 03, 2019

Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)

I logged into my Orbi RBK50 today - long story short - the security certificate expired yesterday. I have the latest firmware posted (just udpated some days ago) v2.3.5.30.   Can someone from Netge...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Oct 03, 2019

On the LAN side of the Orbi, web pages are HTTP, which is not secured and thus has no certificate.

When the Orbi's Remote Management is activated, the connection is HTTPS to the public IP and the default port is 8443, as in "https//<Orbi Public IP>:8443"  (the port can be changed, but I didn't)

 

My Orbi has Remote Management activated.  I used Chrome and got this:

If a person attempts to HTTP to the Orbi public IP, it simply fails.  It appears pretty clear that (a) this is not viewed as a "major issue" by Netgear, and (b) they seem to have no easy method of putting a new certificate on the Orbi short of updating the firmware.  One of the things people are waiting for is when (if?) new firmware appears, will the certificate be valid?

BrianG_Simi's avatar
BrianG_Simi
Star
Oct 03, 2019

I would add that I assume any network I'm isn't 100% secure, especially with more and more IoT (Internet of Things) devices, like cameras, doorbells, refrigerators, streaming devices, etc. that may or may not be following best security practices, and hackers getting more and more sophisticated.

 

If I'm logging into to the admin site on my router, I'm going to use https, even when on my LAN, and I expect the products I use to support standard security best-practices, like having valid (non-expired) certs.

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Oct 03, 2019
    BrianG_Simi wrote:

    If I'm logging into to the admin site on my router, I'm going to use https, even when on my LAN, and I expect the products I use to support standard security best-practices, like having valid (non-expired) certs.

    When I log on to my Orbi from the LAN side using HTTPS, I get the same "expired certificate" error as from the public side.  Firefox's messsage is more dramatic looking than Chrome, and gives more explanation about when the certificate expired. (Note that when the user proceeds to the web site despite being warned off, the error does not pop up on subsequent visits.)