Confusing typos in HTTPS certificate upload page

---

AWBbox wrote:

"SSL Trusted Root Certificate PEM File" should be used for the X.509 Public Certificate PEM File, and "SSL Server Certificate PEM File" should be used for the X.509 Certificate Private Key PEM File.

Correct, that's is the wording also used in the online (?) Help.

 

 

Can't see any kind of typos or errors, just slighty different wordings - any all are correct IMHO.

 

It's the CA Certificate and device Certificate signed by that same CA, including the private key (sigh, which should never leave the device!).

 

Needless to repeat neither Netgear nor the OEM (despite exchanging emails and explaining many times) seems to understand on how a private key should be generated - in an isolated environment.   

 

There are a hand full entities required, everything is well documented in the CMP and LCMP (Lightweight Certificate Management Protocol (CMP) profiles. Why ever it is so difficult to implement that, and let the user input some data required, and allow a simple click to generate a Certificate Signature Request is beyond me. Other vendors can do this for some 10+ years, Netgear is massively bihind oif the moon. (ok, most vendoors which have it - for some that happened was under my guidance) 

 

Regards,

-Kurt.

 

 

---

AWBbox wrote:

Also, TFTP is insecure and should not be used to transfer private key files. Please could a secure alternative be implemented?

---

A complete https implementation would allow that in a reasonable way.

 

Most environments however don't have a PKI infrastructure.

 

Leaving this away, I'll request a moderator to move this thread toi the more appropriate section, since this isn't a Managed Switch class device, to the Plus and Smart Switches Forum section to discuss these.