NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Routerlogin.net certificate “not trusted”
In the Orbi app on my iPhone I was viewing a list of all my family's devices connected to our wi-fi. I turned one older device off, sliding the green button to the right in the Orbi app. Then, I chan...
Questions about the Orbi "app" usually get a more informed response if posted in the forum specifically for the app:
https://community.netgear.com/t5/Orbi-App/bd-p/en-home-orbi-app
It's not that we don't care or want to help.
The simple fact is that most of the people who participate in this forum use the web interface and have little experience with the "app".
Second, yes, the Orbi SSL certificate cannot be "trusted" because it is self-signed. (not from a "Certificate Authority")
Over a year ago (August 2019) the certificates that Netgear had registered for a bunch of internet domains (routerlogin.net, orbilogin.com, orbilogin.net, etc.) expired and were not renewed. As far as I know, there has never been an explanation. Perhaps Netgear forgot to renew them. Perhaps the Certifiate Authorities said, "nothing doing". After all, these certifiates are not protecting a Netgear web server. They are protecting thousands of web servers owned by thousands of random people. Anyway, after months of fussing with the problem, Netgear created "self-signed" SSL certificates for orbilogin.com, orbilogin.net, routerlogin.net, etc.
About this time, web browsers became conditioned to avoid "http" web sites and seek out "https" web sites instead. So, the user types in "http://orbilogin.net" and the browser says, "hmmm. wonder if there is an httpS://orbilogin.net? That would be 'secure'. Look, there IS one. Oh, rats, it has an SSL certificate that is self-signed and cannot be trusted."
Whew. Sorry. Just ignore the message.
Questions about the Orbi "app" usually get a more informed response if posted in the forum specifically for the app:
https://community.netgear.com/t5/Orbi-App/bd-p/en-home-orbi-app
It's not that we don't care or want to help.
The simple fact is that most of the people who participate in this forum use the web interface and have little experience with the "app".
Second, yes, the Orbi SSL certificate cannot be "trusted" because it is self-signed. (not from a "Certificate Authority")
Over a year ago (August 2019) the certificates that Netgear had registered for a bunch of internet domains (routerlogin.net, orbilogin.com, orbilogin.net, etc.) expired and were not renewed. As far as I know, there has never been an explanation. Perhaps Netgear forgot to renew them. Perhaps the Certifiate Authorities said, "nothing doing". After all, these certifiates are not protecting a Netgear web server. They are protecting thousands of web servers owned by thousands of random people. Anyway, after months of fussing with the problem, Netgear created "self-signed" SSL certificates for orbilogin.com, orbilogin.net, routerlogin.net, etc.
About this time, web browsers became conditioned to avoid "http" web sites and seek out "https" web sites instead. So, the user types in "http://orbilogin.net" and the browser says, "hmmm. wonder if there is an httpS://orbilogin.net? That would be 'secure'. Look, there IS one. Oh, rats, it has an SSL certificate that is self-signed and cannot be trusted."
Whew. Sorry. Just ignore the message.
Thanks for the reply, but I just can't wrap my head around the idea that using an app in the way it was intended would cause JUST my phone (none of our other devices) to not trust the netgear certificate and not be able to use wifi through our Orbi routers. I called Orbi's customer service and was told I'd need to pay $90 or more for software assistance.
I DID love our Orbi but have lost my trust may end up returning them for a different brand.
If your using Apple product and iOS 14 on your phone, then this is a Apple issue. Apple has implemented newer security features on there products which are causing problems for older and current apps and there iOS to report these as security problems.
For the web page and certificate, most web browser report this and some are also wanting to use a more secure connection to the routers web page. Honestly, this isn't a major concern for most home users as there is usually only one person managing the routers web page and features and doing only one log in. Anyone doing nefarious things would have to be on the LAN side to try anything with the routers web page. Thus the HTTPS isn't really needed when users are manageing the router from home.
Good Luck in your endeavours.
