beezer
Apr 27, 2019, Apprentice
WC7500 SSL Certificate is hacked!
(This is actually for the WC7500 but the drop-down won't let me select that)
I have a very strange self-signed SSL cert on my wc7500. I cannot replace it, b/c the system wants something that is n...
- Oct 16, 2019
Well, after all this time, the "solution" is that they have a firmware upgrade (6.5.5.18) that provides a *different* self-signed certificate in response to a TLS request.
You still cannot use PKI.
The documentation for the WC7500 certificate page still says "This page lets you to add certificates to WC7500." (not English)
The documentation for the Password field still says "This is the password for WC7500 Certificates" (certificates don't have passwords)
The documentation for the Controller Key field still says "Enter the Controller Key", etc. (not even slightly helpful)
If you tell it to boot or update "now" it schedules it for some time in the future or past, depending on your current offset from GMT.
This firmware is such a hack on its surface it is impossible to trust that it is appropriate, in terms of security, reliability, or functionality, to use in any professional environment.
schumaku
Apr 27, 2019, Guru - Experienced User
Why hacked? All WC are coming from the factory with a self-signed certificate, which is suggested to be replaced. Provide details ...
Wireless Controller User Manual Models WC7500, WC7600, WC7600v2, and WC9500 p.114 ff., Manage Certificates
Controller Key is (most likely) the private key.
Controller Certificate is a certificate without the private key and without an unlock password.
- beezer, Apr 28, 2019, Apprentice
Apparently the graphic doesn't show in my post. If not hacked, at least suspicious and no way I can trust it:
E = Support@firetide.com
CN = Dexter
OU = Engineering
O = Firetide Inc.
L = Bangalore
S = Karnataka
C = IN
I tried a PEM with just the private key for the Controller Key and it won't validate (Validation of Controller Key/Cert/CA Cert failed).
- schumaku, Apr 28, 2019, Guru - Experienced User
Stick to 2048 bits, nothing "exotic" like EC and the like, and upload all three.
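The advice above (2048-bit RSA, no EC, all three files) can be checked locally before uploading. This is an added example, not part of the thread or of NETGEAR's documentation; the file names and the throwaway demo PKI are constructed, and the controller's own validation rules are not documented on this page.

```shell
#!/bin/sh
# Added example: sanity checks for key, certificate and CA certificate PEM files.
# Assumption: the checks mirror the thread's advice, not the WC7500's actual validator.

# True if the private key is RSA with a 2048-bit modulus (an EC key fails here).
key_is_rsa2048() {
    openssl rsa -in "$1" -noout -text 2>/dev/null | grep -q 'Private-Key: (2048 bit'
}

# True if the certificate carries the public half of the private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate verifies against the given CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Run all three checks; report the first failure with a distinct exit code.
check_bundle() {   # usage: check_bundle key.pem cert.pem ca.pem
    key_is_rsa2048 "$1"         || { echo "key: not RSA 2048"; return 1; }
    key_matches_cert "$1" "$2"  || { echo "cert: does not match key"; return 2; }
    cert_chains_to_ca "$2" "$3" || { echo "cert: not issued by this CA"; return 3; }
    echo "bundle consistent"
}

# Constructed demo PKI: throwaway CA, one RSA-2048 server key/cert, one EC key.
make_demo() {   # usage: make_demo dir
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=wc.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/ec.key" 2>/dev/null
}

# Demo run on the constructed files.
demo=$(mktemp -d) && make_demo "$demo" &&
    check_bundle "$demo/srv.key" "$demo/srv.pem" "$demo/ca.pem"
```

For a certificate issued by a Windows CA, export the private key, the server certificate and the issuing CA certificate as separate Base64 (PEM) files and pass them to `check_bundle` in that order.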
- beezer, Apr 29, 2019, Apprentice
No, not elliptical... I'm using Base64 encode; does it only work with HEX?
The cert is generated by a Windows CA, so there is a template, EKU server code, etc. If those are a problem, I'll need a cookbook to do this the non-MS way.
The -----BEGIN RSA PRIVATE KEY----- is just a blob of 2048 bits, so it's not interesting (and I really don't want to publish a private key).
Here is the ASN for the certificate:
and here for the CA: