NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS308T Uses Internally Created SSL Certificates Instead of Certificates That I Upload
I have a GS308T on Boot Version 1.0.0.1 and Software Version 1.0.5.6. After disabling HTTPS Admin Mode, I went to the Maintenance > Update > HTTP Firmware/File Update menu, I have uploaded my certificate authority/intermediate authority PEM file using the "X.509 Public Certificate PEM" File Type. I also uploaded the server certificate/key PEM that I generated for the switch using the "X.509 Certificate Private Key PEM" File Type. I also generated a 512 bit Weak DH PEM file and a 1024 bit Strong DH PEM file and uploaded both file types using the same menu.
After doing all of this, I enable Admin Mode in HTTPS and then try navigating to the switch using HTTPS. I get a warning from my browser about a self-signed certificate. When I view the details of the certificate, it isn't the certificate information that I uploaded, it is from one that appears to have been automatically generated by the switch.
I know it is possible to do this because I did it last year when I first generated the certificates. I thought I followed the same process after renewing the certificates and trying to upload them again. However, even if I use the old certificates, the system always defaults to certs generated by the switch. The only thing that has changed is that I'm on a newer Software Version. Has anyone been able to successfully upload their own certs on a GS308T?
It appears that I have found the issue. The "X.509 Public Certificate PEM" shouldn't be my certificate authority/intermediate authority but rather just the certificate created for the switch. The "X.509 Certificate Private Key" shouldn't be the combined switch certificate and the key but rather just the key.
I had read some other topics on this issue in another forum that appear to have not been the correct instructions. I thought they would be similar because it was a similar product but that was not the case. Once I uploaded the Public Cert and the Private Key as well as the DH files and then enabled HTTPS, everything was working as expected.
1 Reply
It appears that I have found the issue. The "X.509 Public Certificate PEM" shouldn't be my certificate authority/intermediate authority but rather just the certificate created for the switch. The "X.509 Certificate Private Key" shouldn't be the combined switch certificate and the key but rather just the key.
I had read some other topics on this issue in another forum that appear to have not been the correct instructions. I thought they would be similar because it was a similar product but that was not the case. Once I uploaded the Public Cert and the Private Key as well as the DH files and then enabled HTTPS, everything was working as expected.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
