NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Unable to connect via WiFi - invalid certificate
This is a continuation of this post: https://community.netgear.com/t5/Orbi/Unable-to-connect-via-WIFI-b-ut-LAN-Invalid-security-certificate/m-p/2088811
* This happens on all websites and multiple wifi devices
* This only happens over wifi not Ethernet
* The devices have previously been allowed through access control
* The MAC address has not changed (I explicitly noted the MACs to confirm this )
The router is doing something based on the device. Netgear support won't help me since my support contract has conveniently expired.
Can someone from Netgear respond to this and suggest a fix?
My firmware is up-to-date.
I have an Orbi RBR50 v2.7.4.24
RBS50 satellite firmware V2.7.4.24
RBS40v firmware v2.6.2.8
* This happens on all websites and multiple wifi devices
* This only happens over wifi not Ethernet
* The devices have previously been allowed through access control
* The MAC address has not changed (I explicitly noted the MACs to confirm this )
The router is doing something based on the device. Netgear support won't help me since my support contract has conveniently expired.
Can someone from Netgear respond to this and suggest a fix?
My firmware is up-to-date.
I have an Orbi RBR50 v2.7.4.24
RBS50 satellite firmware V2.7.4.24
RBS40v firmware v2.6.2.8
- I'm sure this is related to HSTS.
Most sites now force https and the built-in Orbi certificate is not valid, therefore the browser throws a warning.
Why does this only happen over wireless and why does this also block the MAC address?
Is there a way to update the cert via a serial (telnet) connection to the router?
the cert is built into the firmware, so could only one of the satellites and an invalid cert?
Could it be that one of the satellites
10 Replies
- I'm sure this is related to HSTS.
Most sites now force https and the built-in Orbi certificate is not valid, therefore the browser throws a warning.
Why does this only happen over wireless and why does this also block the MAC address?
Is there a way to update the cert via a serial (telnet) connection to the router?
the cert is built into the firmware, so could only one of the satellites and an invalid cert?
Could it be that one of the satellitesThe key question here is why these Orbi systems are capturing normal web traffic like some wireless clients. This should never happen, except under some error conditions e.g. where the Internet is not reachable and some captive actions become active in the normal Internet data path.
For normal traffic and internet usage, there is zero relevance to the certificate on these devices. Sure, if this happens and the user is active on a HSTS site, the device Web browser needs to complain. But again, this isn't the key issue here.
Blanca_O KevinLiT please investigate - these seem to be some long term unresolved issues here.
I fear there is something unique about this particular system, rather than a generic problem. I have exactly the same router and satellite, on the same firmware. But this phenomenon does not happen to me. (or, I suspect, to thousands of other Orbi owners. If every RBR50 did this, the outcry would be tremendous.)
When someone reports a problem, my first step is to attempt to replicate the problem. When they are using a different router or different firmware, that makes replication difficult. When they have exactly the same equipment and firmware, not being able to cause the same thing to happen is a major stumbling block.
jkevincook wrote:
Netgear support won't help me since my support contract has conveniently expired.
Can someone from Netgear respond to this and suggest a fix?Netgear support staff do not participate in the community forum. (with the exception of forum moderators who are tasked with maintaining the mechanics of the forum. The moderators occasionally respond to specific issues, but the intention is for the customers to talk amongst themselves.
jkevincook wrote:
Is there a way to update the cert via a serial (telnet) connection to the router?
the cert is built into the firmware, so could only one of the satellites and an invalid cert?
No. There is no way to replace the SSL certificate embedded in the firmware.
No chance that one satellite will have an invalid cert.
Some thoughts:
- Although the problem may appear to be identical to a conversation from 18 months ago, it might be useful to describe the situation in a bit more detail. My RBR50 with the same firmware definitely causes modern web browsers to complain about the self-signed SSL certificate. However, choosing the option "go there anyway" stops the browser from complaining.
- If I read that conversation correctly, it appears that doing a Factory Reset on the router cured the problem.
(Maybe I misread. Even so, when a problem resists every other attempt to fix it, a Factory Reset is almost always suggested.) - It is a puzzle to me that the complaint is that (in the referenced conversation) the complaint is that Google.com cannot be trusted, but the invalid cert is clearly the self-signed Netgear cert on the router. Could clearing browser cache perhaps be a solution?
