NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
MS108EUP Switch and WAX630E https certificates
Hello guys,
I am having some issues setting up https ssl certificates for these new devices I bought, everything else is working perfectly.
About the MS108EUP switch, whatever PEM i try to create i am always getting the invalid format error, no matter what i try. Even if i let the switch generate a certificate and then upload it manually back, i get an error too. I would like to use my self signed one with my CA.
For the AP WAX630E is it even possible to do https? I don't see any option for it, i just see an FQDN setting which btw doesn't even accept my LAN custom domain.
Thanks for the help
5 Replies
ugale11 wrote:
About the MS108EUP switch, whatever PEM i try to create i am always getting the invalid format error, no matter what i try. Even if i let the switch generate a certificate and then upload it manually back, i get an error too. I would like to use my self signed one with my CA.
Try not going beyond of SHA 256 and RSA 2048 to start with on the switches.
ugale11 wrote:
For the AP WAX630E is it even possible to do https? I don't see any option for it, i just see an FQDN setting which btw doesn't even accept my LAN custom domain.
Just with the default self-sighed certificates I fear. Netgear has apparently not implemented anything useful on the WAX6xx, neither the ability to neither create CSRs nor the ability to generate self-signed certificates nor the ability to import PKI signed certificates. Sigh 8-(
Then again, for the (in my opinion strange, like for a Web host) FQDN input field [the AP must be accessed using exactly this domain as configured, Netgear appears to see this as kind of an additional security [by obscurity] feature! But then, this appears to be limited somehow, we can't just "randomly" define FQDNs, and without random selected domains. Admit, I have not seen exact rules or documentation what is accepted there. Will try to challenge Netgear again on these subjects 8-)
ugale11 wrote:Hello guys,
I am having some issues setting up https ssl certificates for these new devices I bought, everything else is working perfectly.
About the MS108EUP switch, whatever PEM i try to create i am always getting the invalid format error, no matter what i try. Even if i let the switch generate a certificate and then upload it manually back, i get an error too. I would like to use my self signed one with my CA.
For the AP WAX630E is it even possible to do https? I don't see any option for it, i just see an FQDN setting which btw doesn't even accept my LAN custom domain https://9apps.ooo/ .
Thanks for the help
I got this,...
ugale11 wrote:
ugale11 wrote:
which btw doesn't even accept my LAN custom domain 9apps.ooo .
I got this,...
Ok, excellent discovery, thank you!
Multiple things are coming together here:
- Netgear does apparently not accept perfectly valid Internet top-level domains like your .ooo
- None of the WAX6xx does accept your valid domain currently, clearly a non-allowed restriction, to be addressed by Netgear. I'll push this to Netgear on a different channel, but I'll allow tag RaghuHR here.
- Not a factor here, however this FQDN is the one intended to reach the WAX6xx admin Web UI - it might be cumbersome (not forbidden however) not using a host level domain for each host to be addressed, like wax630a.9apps.ooo for example
Regards,
-Kurt
MS108EUP switch: Check certificate format requirements and integrity. Contact manufacturer support if issues persist. AP WAX630E: Confirm HTTPS support and troubleshoot FQDN setting. Contact manufacturer support for assistance.
nomijack wrote:
MS108EUP switch: Check certificate format requirements and integrity. Contact manufacturer support if issues persist. AP WAX630E: Confirm HTTPS support and troubleshoot FQDN setting. Contact manufacturer support for assistance.
I admit the Netgear documentation is useless in this aspect - simply because it's missing what is supported, and what can be uploaded.
For about a decade, I'm challenging Netgear to change, and implement a proper https environment. Would love to help you as the Netgear customer, admit, based on what you supplied it's as impossible as it is in the docs. Said that: Very unlikely you can throw -anything- and expect it to load and enable (https hopefully). JohnHenkel
Keep in mind the community is not Netgear Support ...
All I can tell you neither the MS108EUP nor the WAX630E are on the EoL list, otherwise we would be old Netgear stopped any updates - the only slightly meaningful help (along with the hint to contact Netgear Support) we get from the Netgear Community Moderators here. Feels like I'm wasting my time here, sorry nomijack
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
