NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)
I have the FVS336G installed to load balance between two internet providers (small office) The admin page is SSL secured with a self signed NetGear CA certificate - After I add this certificate into...
Hi woodd,
The FVS336Gv1 does not have a console port whereas both the FVS336Gv2 and FVS336Gv3 does have a console port. However, there is still no option to update the admin certificate nor swap out the certificate file via a console connection.
As per the CLI reference manual, it says on page 6: "You cannot generate and upload a certificate through the CLI..." You may access the CLI reference manual here.
Regards,
DaneA
Netgear Community Team
Well then -
- let me ask the same question about the FVS336GV3 (or V2).
Can you change the certificate used for the Admin page on the FVS336GV3?
I would like to know that I will not be forced into some perpetual hardware upgrades due to the loss of being able to connect with a browser.
Better yet, if access could optionally be in the clear for LAN connections.
...Dale
Hi woodd,
The FVS336Gv1 does not have a console port whereas both the FVS336Gv2 and FVS336Gv3 does have a console port. However, there is still no option to update the admin certificate nor swap out the certificate file via a console connection.
As per the CLI reference manual, it says on page 6: "You cannot generate and upload a certificate through the CLI..." You may access the CLI reference manual here.
Regards,
DaneA
Netgear Community Team
Hi,
I too have run into the problem that trying to connect results in this message:
"An error occurred during a connection to 192.168.2.1. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) .
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
I do not know how to update the firmware if that is what it takes, nor update the certificate.
Will this be something I can fix? Or will I need to replace the Firewall? Your response to the original question seems to be that "It cannot be fixed on the Netgear FVS336G Firewall"?
Please help provide a solution as this is my router to my work and I use it all day, every day. No network, no job.
(I only have one old laptop that can still connect, Every other device I have gets the same complaint when trying to connect.)
Thanks for any help you can provide.
MikeHi scsailor,
Kindly answer the questions below:
a. Have you tried using other browsers like Firefox or Safari?
b. What is the Operating System of your old laptop?
c. What is the current firmware of your FVS336G?
d. Did you make any changes on the settings of the FVS336G?
I look forward to your response. Welcome to the community! :smileyhappy:
Regards,
DaneA
NETGEAR Community Team
Hi DaneA,
a. Have you tried using other browsers like Firefox or Safari?
I am using firefox 41.0.2. I've tried setting the about:config security.tls.version.min to 0 and also using the SSL Version Control to enable SSLv3 for a one time connection, but they both failed. (Btw, I also have the same problem with an 802.11 linksys wireless access point.)
b. What is the Operating System of your old laptop?
I had Ubuntu something.31 on an old netbook, but somehow it got updated when someone else was using it and now it fails with something.40. I can borrow another Ubuntu 10.04 based laptop that still connects. My failing laptops are a Windows 7 PRO plus a Surface with Win 10. The Win7Pro system runs OpenSuse under Oracle Virtual Box.
c. What is the current firmware of your FVS336G?
Gee, If I could connect, I could probably find out. :) Using the borrowed laptop I found "System Info"... Name: FVS336G FW Version: 3.0.5-25.
d. Did you make any changes on the settings of the FVS336G?
I'm not sure as you change a lot of things to accommodate various support scenarios. I didn't do anything so advanced that I didn't understand what I was doing (which is limited as I'm a kernel engineer, not a network expert). I certainly didn't do anything to mess with security or certificates. I setup things like routing groups directed to either one or the other of the ports as well as running load balancing.
As I mentioned, I'm more than willing to upgrade the hardware to a newer version if I could get a pointer (other than eBay which is not always that reliable.) In the bigger scheme, this hardware is a small part of the overall system setup. I like the dual WAN ports as I have both a standard telcom modem and a cable modem, and the later while faster gets bogged down with traffic esp. starting around 5pm.
And it allows interruptions from either one or the other as they depend on separate power souces for the network infrastructure.
Thanks for any help you can provide! My recreational email address is: sc50sailor at gmail.com if needed.
Regards,
Mike
Santa Cruz, CA
Hi Mike;
If you have the V1 variant then I know how you feel.
You will have to hang on to older browser versions that are less concerned about the old certificate in the Firewall.
Its too bad you can't disable SSL on the administration screen if you disable remote access.
The embeded SSL security certificate has many years before it actually expires at which point it does not matter how much you like it - you will not have access to the administration of the box.
I have been using the unit in a home environment where I too use it to connect to work.
One WAN connection is provided by my employer and the other WAN is our home connection.
I use the Firewall to load balance and to ensure data usage does not go over its limit on my employers connection.
In summary - The certificate is what it is and is rapidly loosing favor with the newer browsers.
Get an older version browser and keep it out of the auto update cycle on your computer.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
