jkevincook
Nov 27, 2022 Aspirant
Unable to connect via WiFi - invalid certificate
This is a continuation of this post: https://community.netgear.com/t5/Orbi/Unable-to-connect-via-WIFI-b-ut-LAN-Invalid-security-certificate/m-p/2088811 * This happens on all websites and multiple w...
- Nov 27, 2022
I'm sure this is related to HSTS.
Most sites now force https and the built-in Orbi certificate is not valid, therefore the browser throws a warning.
Why does this only happen over wireless and why does this also block the MAC address?
Is there a way to update the cert via a serial (telnet) connection to the router?
The cert is built into the firmware, so could only one of the satellites and an invalid cert?
Could it be that one of the satellites
schumaku
Nov 27, 2022 Guru - Experienced User
The key question here is why these Orbi systems are capturing normal web traffic like some wireless clients. This should never happen, except under some error conditions e.g. where the Internet is not reachable and some captive actions become active in the normal Internet data path.
For normal traffic and internet usage, there is zero relevance to the certificate on these devices. Sure, if this happens and the user is active on an HSTS site, the device Web browser needs to complain. But again, this isn't the key issue here.
Blanca_O KevinLiT please investigate - these seem to be some long term unresolved issues here.
CrimpOn
Nov 27, 2022 Guru - Experienced User
I fear there is something unique about this particular system, rather than a generic problem. I have exactly the same router and satellite, on the same firmware. But this phenomenon does not happen to me. (or, I suspect, to thousands of other Orbi owners. If every RBR50 did this, the outcry would be tremendous.)
When someone reports a problem, my first step is to attempt to replicate the problem. When they are using a different router or different firmware, that makes replication difficult. When they have exactly the same equipment and firmware, not being able to cause the same thing to happen is a major stumbling block.
- schumaku Nov 27, 2022 Guru - Experienced User
These kinds of phenomena are hanging around in the communities like ghosts re-appearing. When I'm talking about these Orbi systems it's about this customer installed base.
- jkevincook Nov 27, 2022 Aspirant
Thanks for all the fast replies. The Netgear community does a great job supporting itself.
Here are some more forensics:
* This only happens for wireless connections, but not all wireless connections.
* I have set Access control to deny new devices
* A device which had previously been allowed to connect will navigate to a website (e.g. fast.com) and the browser will show the invalid certificate error.
* Viewing the certificate shows that it is the router login certificate and that it is being rejected because it is self signed
* Telling the browser to go there anyway brings up the red and black router screen saying this device is blocked through Access control.
* HERE'S WHAT'S REALLY INTERESTING: using an Ethernet connection to my LAN, and using multiple browsers to log into the admin homepage for my two satellites and the router itself, I see that the satellite, or the router, to which the device is connected indicates that the device is blocked, but the other two indicate that the device is allowed. After a few minutes all three mesh points indicate that the device is blocked.
* This happens with devices like smart TVs and smart speakers, but since they do not have a browser I cannot confirm the invalid certificate from the device itself.
It seems that the invalid certificate and the ACL blocking are related. I assume the invalid certificate triggers the ACL block, but I cannot prove that.
I also don't understand why the router certificate is being presented to the browser for HSTS sites, but I am not a network expert so that may be proper behavior.
This seems to have only become an issue with the latest automatic firmware update. I would revert to a previous firmware version but I know that would be a temporary fix since firmware is automatically updated.
Bottom line is I need to solve both the invalid certificate and ACL issues so that my network is usable and any suggestions are welcome.
- CrimpOn Nov 27, 2022 Guru - Experienced User
jkevincook wrote:
* I have set Access control to deny new devices
As an experiment, could you disable Access Control? Over the years, I have seen countless posts on the forum regarding issues with Access Control. It is estimated that my complicated 24 character password will take about 4 billion years to crack. I know if the NSA wants to break into my WiFi system, they "have their ways", but my neighbors certainly do not.
Did we establish if Armor or Parental Controls are enabled on this system?