NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
beezer
Apr 27, 2019Apprentice
WC7500 SSL Certificate is hacked!
(This is actually for the WC7500 but the drop-down won't let me select that)
I have a very strange self-signed SSL cert on my wc7500. I cannot replace it, b/c the system wants something that is n...
- Oct 16, 2019
Well, after all this time, the "solution" is that they have a firmware upgrade (6.5.5.18) that provides a *different* self-signed certificate in response to a TLS request.
You still cannot use PKI.
The documentation for the WC7500 certificate page still says "This page lets you to add certificates to WC7500." (not English)
The documentation for the Password field still says "This is the password for WC7500 Certificates" (certificates don't have passwords)
The documentation for the Controller Key field still says "Enter the Controller Key", etc. (not even slightly helpful)
If you tell it to boot or update "now" it schedules it for some time in the future or past, depending on your current offset from GMT.
This firmware is such a hack on its surface it is impossible to trust that it is appropriate, in terms of security, reliability, or functionality, to use in any professional environment.
beezer
Apr 28, 2019Apprentice
Apparently the graphic doesn't show in my post. If not hacked, at least suspicious and no way I can trust it:
E = Support@firetide.com
CN = Dexter
OU = Engineering
O = Firetide Inc.
L = Bangalore
S = Karnataka
C = IN
I tried a PEM with just the private key for the Controller Key and it won't validate (Validation of Controller Key/Cert/CA Cert failed).
schumaku
Apr 28, 2019Guru - Experienced User
Stick to 2048 bits, nothing "exotic" like EC and the like, and upload all three.
- beezerApr 29, 2019Apprentice
No, not elyptical... I'm using Base64 encode; does it only work with HEX?
The cert is generated by a Windows CA, so there is a template, EKU server code, etc. If those are a problem, I'll need a cookbook to do this the non-MS way.
The -----BEGIN RSA PRIVATE KEY----- is just a blob of 2048 bits, so it's not interesting (and I really don't want to publish a private key).
Here is the ASN for the certificate:
and here for the CA:
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!