NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

crazyNetPacket's avatar
crazyNetPacket
Follower
Mar 14, 2016

GS724TP - secure connection to admin interface (TLS?)

Hello everyone,

 

Does anyone know if its possible to enables some kind of secure connection to the GS724TP, like TLS?

 

Thank you.

 

Security

2 Replies

  • JohnRo's avatar
    JohnRo
    NETGEAR Employee Retired
    Mar 14, 2016

    Hello crazyNetPacket, 

     

    Welcome to the community! 

     

    I have not seen one so far especially for this model. I'm sure this switch will be behind a firewall, are you planning to manage it remotely? 

     

    Looking forward to your response. 

     

    Thanks, 

  • Alan_Bolster's avatar
    Alan_Bolster
    Aspirant
    Mar 17, 2016

    Hi crazyNetPacket,

     

    I've been experimenting with this on various Netgear switches and my success has been variable. I started a thread recently myself, asking about whether the M7100 switches support anything later than TLS 1.0 (https://community.netgear.com/t5/Managed-Switches/M7100-24X-No-support-for-TLS-1-2-on-management-connections/td-p/1060963).

     

    With the GS724T switches, my success has depended upon the specific model. The more modern versions, like the GS724Tv4, seem to accept our certificate without much problem. Older versions seem to be a bit more difficult.

     

    We don't have any GS724TP switches, but we do have a couple of GS728TPs. These fall into the problematic category for us. The certificate management page (Security->Access->Certificate Management) looks like this:

    certtext.JPG

     

    As you can see, the certificates and keys need to be copied as text into the relevant fields. The ones displayed in the screenshot are automatically generated by the switch. The problem that I've been having is that I am trying to use our company's wildcard certificate which we bought from DigiCert. We have the certificate and private key in the correct format, but the public key doesn't seem to work. The public key which we have extracted from our certificate using OpenSSL starts with "-----BEGIN PUBLIC KEY-----", not "-----BEGIN RSA PUBLIC KEY", i.e. it wants a PEM DER ASN.1 PKCS#1 RSA Public key, not a X.509 SubjectPublicKeyInfo/OpenSSL PEM public key.

     

    As yet, I have not been able to find a way to convert our X.509 public key into a PKCS#1 public key (or extract a PKCS#1 key from our certificate).

     

    If you are happy to to use the switch's automatically generated certificate, you can avoid all this hassle. You will get a certificate warning each time you connect to the switch because it is not a trusted certificate, but your connection will be encrypted (albeit only with TLS 1.0). You can probably avoid the connection warning if you install the certificate in your computer's Trusted Root Certification Authorities store.

     

    Hope this helps.

     

    Alan.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More