I logged into my Orbi RBK50 today - long story short - the security certificate expired yesterday. I have the latest firmware posted (just udpated some days ago) v2.3.5.30. Can someone from Netgear comment plesae - it's rather surprising that a simple security lapse like this should happen, particularly when the firmware is quite recent. Netgear includes these certificates for a reason, right?

The certificate expiration was literally August 2. Netgear was supposed to purchase an extension to the expiration date and failed to do so. We users can do nothing except override our browser warnings and "trust". (Some browsers make this very difficult.) Eventually, someone at Netgear will fix this, and the problem will go away. There is nothing a user can do.

Bruin711 wrote:This is still a problem?It remains a nuisance. People who connect to "http://" from within the Orbi LAN notice nothing. People who connect to the "https://" from outside the LAN get an obnoxious error message about the connection "not being secure", and several browsers actively obstruct the user from connecting to the Orbi web interface. (Have to click on "Advanced" and "Connect anyway".) It's annoying. Just personally, I believe most of us are really put out with Netgear. "How hard can it be to keep track of when security certificates expire?" is the question. Sort of like,"oh, was I supposed to pay the rent this month?" Well, duh, yes!!!!

NG recently released hot fix v2.3.5.34 to attempt to update the expired https certificate. However, they replaced it with a self-signed certificate instead of one issued by a certificate authority (CA). This still causes browsers to not trust the https URL for the router. Here is the certifcate error shown on Firefox 70.0.1 for the v2.3.5.34 firmware: orbilogin.net uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT I do not have v2.5.0.40 hot fix installed due to the major bug in device naming that it introduced. So I do not know if it likewise has a self-signed certificate instead of a valid CA issued certificate. If someone is running v2.5.0.40, can you check the certificate and report back? And open a ticket with NG if it likewise is self-signed.

Amazing, Netgear right hand does apparently not know whet the left hand is doing. I already wondered and queried half a year ago what the plan is considering they have a properly Entrust CA signed certificate for the [www.]routerlogin.[net|com] DNS names however the Orbi specific DNS names have not been added - here on an Nighthawk R9000: FWIW tomschmidt the certificate can never be valid as long as you are accessing the router by an IP address. But of course, the self-sign is utterly useless anyway. [Edit: Just spotted that the text result comes from an access with the right DNS name: orbilogin.net uses an invalid security certificate.]

Logged in how? Locally from a device on the Orbi network? Remotely using Orbi app? web interface?

Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)

84 Replies

Retired_Member
Oct 03, 2019
jameyers4 wrote:
I logged into my Orbi RBK50 today - long story short - the security certificate expired yesterday. I have the latest firmware posted (just udpated some days ago) v2.3.5.30.

As old as this is....v2.3.5.30 the common thread...ugh
Retired_Member
Oct 03, 2019
found this:

https://kb.netgear.com/7003/Installing-a-Certificate-on-Google-Chrome-for-ReadyNAS-OS-6
- Wire1852
  Apprentice
  Oct 03, 2019
  Microsoft edge has the same issue.
  - Retired_Member
    Oct 03, 2019
    How is it you are seeing the error? When you login to your Orbi router via web interface?
abqttu
Aspirant
Oct 04, 2019
The certificate expiration also breaks Orbi's built-in VPN. When I attempt to VPN into Orbi - from a site external from my home network - I receive warnings in both Chrome and Firefox of potential security issues. Nothing that isn't already know from the security errors thrown by Chrome/Firefox and other browsers but the command "openssl x509 -in server.pem -noout -dates " confirms the certificate has expired:
notBefore=Aug 2 16:21:58 2016 GMT
notAfter=Aug 2 16:51:57 2019 GMT
- CrimpOn
  Guru - Experienced User
  Oct 04, 2019
  abqttu wrote:
  The certificate expiration also breaks Orbi's built-in VPN. When I attempt to VPN into Orbi - from a site external from my home network - I receive warnings in both Chrome and Firefox of potential security issues.
  notAfter=Aug 2 16:51:57 2019 GMT
  I think what you are seeing is not the VPN being broken, but the same phenomenon we all notice. When the user connects a web browser to a "secure site" (https) and the web site certificate is not valid, the browser complains and urges the user not to proceed. The VPN still did its job by making the connection. The option to "go ahead anyway" is not obvious, and (I believe) some browsers will not permit the user to access a site with an invalid certificate. (Edge, for example)
  - abqttu
    Aspirant
    Oct 04, 2019
    I agree the problem I am seeing is the same as what you all are seeing. It is not a client/server connectivity issue. However, VPN is effectively broken since chrome will not allow connections to remote destinations. And although Firefox will let you click through the security warnings its functionality is erratic at best.
Wire1852
Apprentice
Oct 22, 2019
This really sucks!!!

Netgear has update the Orbi firmware (v2.5.0.38) and the security certificate has still not been updated.
- Wire1852
  Apprentice
  Oct 22, 2019
  Wire1852 wrote:
  This really sucks!!!
  
  Netgear has update the Orbi firmware (v2.5.0.38) and the security certificate has still not been updated.
  I got the firmware by logging into router & checking for update. The new firmware doesn't show on Netgear support webpage.
- schumaku
  Guru - Experienced User
  Oct 22, 2019
  Wire1852 wrote:
  Netgear has update the Orbi firmware (v2.5.0.38) and the security certificate has still not been updated.
  Oh Netgear did it again ... ChristineT why I don't wonder one second?
FURRYe38
Guru - Experienced User
Nov 11, 2019
https://kb.netgear.com/000061393/RBR50-RBS50-Firmware-Version-2-5-0-40-Hot-Fix
- Wire1852
  Apprentice
  Nov 11, 2019
  FURRYe38 wrote:
  https://kb.netgear.com/000061393/RBR50-RBS50-Firmware-Version-2-5-0-40-Hot-Fix
  
  Are you insane? You're pointing people to a hot fix that is on top of 2.5.0.38 that people have been experiencing issues with for the last 2 weeks. Netgear indicate the hot fix only fixes the security certificate issue. All the other issues in 2.5.0.38 are still in this hot fix.
  - schumaku
    Guru - Experienced User
    Nov 11, 2019
    Wire1852 wrote:
    FURRYe38 wrote:
    https://kb.netgear.com/000061393/RBR50-RBS50-Firmware-Version-2-5-0-40-Hot-Fix
    
    Are you insane?
    It's your choice what is more important - a valid certificate or a random older firmware you prefer for whatever reason. Unlikely Netgear will release older firmware(s) with the new factory certificate.

Forum Discussion

Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)