rtr
Jan 27, 2017 Tutor
FVS318N csr signed by Openssl intermediate CA not accepted
Hello all, I have a FVS318N router, firmware 4.3.4-2. I have generated a certificate signing request (CSR) from the firewall (SHA-1 + RSA2048). I have issued certificates: using openssl and my...
DaneA
Feb 15, 2017 NETGEAR Employee Retired
rtr,
I have raised your concern with a higher tier of NETGEAR Support, and below are the answers to your queries:
1. Are Intermediate CAs issued certificates supported by the Netgear CSR?
Answer: No, we do not support intermediate CAs.
2. The certificate the client has uploaded is used now for the administration interface, which is unwanted. The client would want to add an IPSEC only certificate which does not interfere with the SSL certificate. What key Usage/Extended key usage to add or exclude?
Answer: No, currently our devices don’t have such a setting (key usage / extended key usage) by which a single certificate can be made available only for SSL or only for IPSEC.
3. The documentation refers to IPSEC VPN extKeyUsage (EKU). AFAIK the IPSEC specific EKUs have been deprecated long ago and should no longer be used. The IPSEC VPN OIDs are not mentioned in the Netgear doc, does anyone know what they mean?
Answer: We do not have any OID support.
4. Is there any way to grab more information (ie: logs) of what happens inside for certificate management? The firewall has a serial port and the client has a PC with a serial port on. Can it be used to log anything useful there?
Answer: No, we do not have this debug log support by default in the firmware.
Regards,
DaneA
NETGEAR Community Team
JohnRo
Feb 24, 2017 NETGEAR Employee Retired
Hi rtr,
We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.
If your issue is now resolved we encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The Netgear community looks forward to hearing from you and being a helpful resource in the future!
Thanks,
rtr
Feb 25, 2017 Tutor
Hello JohnRo
I don't mind closing this thread somehow (don't know how), but I can't choose any of the answers as "solution".
I had it acknowledged that the current certificate implementation is severely limited and not even up to what Netgear documentation claims.
There's no solution so far, and not much hope for one either: all depends on "Idea Exchange Board for Business" etc.
I give up, but there's no button to close the thread this way :)
DaneA, you - and maybe others - do a great job monitoring and answering; I really appreciate it and thank you for your effort to have things sorted out.
Overall I'm disappointed by the support for the firmware of the product. "We have firmware problems for a lifetime guaranteed item and we won't fix except maybe if one gets enough votes etc." from the firmware maintainer is ... disappointing.
rtr