Orbi cert error all websites

CrimpOn
Guru
Feb 18, 2022
This issue has appeared on the forum before, and I cannot remember the resolution. (sigh. age.)

If you don't want to read my rant, please jump to the bottom.

Yes, Netgear's SSL certificate situation is a mess. Many years ago, Netgear managed to register an SSL certificate that covered a bunch of URL's, including routerlogin.com, routerlogin.net, orbilogin.com, orbilogin.net.. (and some more). In August 2019, that SSL certificate expired and was not renewed. There has never been an explanation. Some think that Netgear simply forgot to renew it. Others think that the certificate authority refused to renew it for some reason. (Perhaps other router manufacturers claimed it was unfair for Netgear to 'own' routerlogin.com. Perhaps they realized that all those 1,000's of web sites claiming to be routerlogin.com are not really Netgear. Late in 2019 Netgear released new firmware which included a self-signed SSL certifiate.

The goofy part is that the router never sends the URL routerlogin.com (orbilogin.net, etc.) to a DNS server to be resolved. (Which IP would a DNS authority say it points to?) The router intercepts the DNS request and says, "that is ME". And, the SSL certificate doesn't matter because the router web management is not a secure web site. (It is http, not https)

All was good until web browsers decided to prioritize secure web sites over plain web sites. Chrome, Edge, Firefox, Opera, Safari... all of them decided to first look for a secure web site before looking for what the user typed in. So, if the user wants to open http://ford.com, the browser first looks for https://ford.com. If that URL exists, the browser opens it. If not, then it tries the insecure web site.

For some reason, when your devices try to open web sites, there is an error that causes the web browser to be redirected to the Orbi web management system. The browser tries to open 192.168.1.1 as a secure web site and receives that self-signed SSL certificate. But browsers do not trust self-signed SSL certificates, so the browser says, "ALERT ALERT UNSAFE GO BACK GO BACK"

There is usually a tiny link somewhere on the page that allows the user to tell the browser, "yes, I know it is unsafe, but I want to go there anyway. Just open the web page." Can you try that and report what comes up?
- Ayebeegee
  Guide
  Feb 19, 2022
  Thank you so much for that comprehensive response. I had seen some snippits of it in google searches about this problem but never in one concise note like that.
  
  When I get that error, I can click advanced and then proceed. However, that shows a curious thing -- I get the URL in question (say, google.com) and a login prompt.
  
  Now I wish that I had the authority to be an admin for google.com but I don't. So I put in my orbi username/pwd on a lark and it took me to the orbi page rather than the url that it showed it was trying to resolve.
  
  For some reason, some series of reboots / time / it knowing that it was about to be thrown away has caused this to not be an issue currently, but I am worried about it returning and I don't have any idea what I did / didn't do to fix it.
  
  Thanks so much for the suggestion, though.
  - CrimpOn
    Guru
    Feb 19, 2022
    Was there anything interesting on the Orbi page?
    
    (just personally....) I find this situation very confusing for the user. The web browser appears to be confused and now is trying to load two web pages: (1) the original target URL, and (2) some page on the Orbi administrative web site. Orbi requires a login for access, so the browser pops that up. What a mess!
    
    We appear to be no closer to an explanation for how this situation came to exist. It clearly seems to affect only WiFi client devices.
    
    The absolutely, "please don't make me do it", last resort is to do a factory reset on the router. I hate doing this.

Forum Discussion