beezer
Apr 27, 2019, Apprentice
WC7500 SSL Certificate is hacked!
(This is actually for the WC7500 but the drop-down won't let me select that)
I have a very strange self-signed SSL cert on my wc7500. I cannot replace it, b/c the system wants something that is n...
beezer
Oct 11, 2019, Apprentice
Update: We were told to wait for the new firmware to solve this problem (since April '19) on a certificate that is now weeks away from expiration (Nov '19). Unfortunately, it will not load on my WC7500.
Incidentally, the WC7500 that exhibited this flaw failed, and they RMA'd me a new one ... also with the certificate from Bangalore, about to expire.
What a clown show.
beezer
Oct 16, 2019, Apprentice
Well, after all this time, the "solution" is that they have a firmware upgrade (6.5.5.18) that provides a *different* self-signed certificate in response to a TLS request.
You still cannot use PKI.
The documentation for the WC7500 certificate page still says "This page lets you to add certificates to WC7500." (not English)
The documentation for the Password field still says "This is the password for WC7500 Certificates" (certificates don't have passwords)
The documentation for the Controller Key field still says "Enter the Controller Key", etc. (not even slightly helpful)
If you tell it to boot or update "now" it schedules it for some time in the future or past, depending on your current offset from GMT.
This firmware is such a hack on its surface it is impossible to trust that it is appropriate, in terms of security, reliability, or functionality, to use in any professional environment.
- schumaku, Oct 22, 2019, Guru - Experienced User
beezer wrote: The documentation for the Password field still says "This is the password for WC7500 Certificates" (certificates don't have passwords).
Hm, yes and no - you can protect the private key using a password. Whether it makes a lot of sense to request a certificate with a password-protected private key and then permanently store the password (instead of requesting it at boot time) is more than disputable.
beezer wrote: This firmware is such a hack on its surface it is impossible to trust that it is appropriate, in terms of security, reliability, or functionality, to use in any professional environment.
+10000
RaghuHR can you please explain how we should create certificates - e.g. in a pure OpenSSL PKI environment, or by certificate requests (how again please?) for letting them be signed by a public (or internal) CA?
- beezer, Oct 22, 2019, Apprentice
Schumaku, you make a good point about certificate passwords. A reasonable person might just assume that in the total absence of documentation.
Unfortunately -- and we found this through trial and error because I was not allowed to talk to anyone who knows -- the only password that we ever got it to accept was the login password for the unit. At which point, there is no affirmative message, so we have NO IDEA what it did once it accepted the three files.
So, the reasonable assumption that this refers to a password on a certificate store is, in this case, another example of how the software is counter-intuitive.
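The distinction discussed in the exchange above, as an added example that is not part of the original thread and not NETGEAR's procedure: the passphrase sits on the private key file, the certificate itself reads without one, and the self-signed and near-expiry conditions mentioned earlier can be checked with stock OpenSSL. The file names, the CN and the passphrase are constructed, and nothing here describes what the WC7500 upload page expects.

```shell
#!/usr/bin/env bash
# Added example: all names, the CN and the passphrase are constructed.

# Create a passphrase-encrypted private key and a 30-day self-signed cert.
# "pass:" on the command line is for the demo only; prefer file: or env:.
make_material() {            # $1 = work dir, $2 = key passphrase
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -aes-256-cbc -pass "pass:$2" -out "$1/key.pem" 2>/dev/null &&
  openssl req -new -x509 -key "$1/key.pem" -passin "pass:$2" \
      -subj "/CN=controller.example.test" -days 30 \
      -out "$1/cert.pem" 2>/dev/null
}

# The certificate is public data: it parses with no passphrase at all.
cert_reads_without_password() {   # $1 = cert file
  openssl x509 -in "$1" -noout -subject >/dev/null 2>&1
}

# The private key is the encrypted part: only the right passphrase opens it.
key_opens_with() {                # $1 = key file, $2 = passphrase to try
  openssl pkey -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Same subject and issuer name hash: the certificate names itself as issuer.
is_self_signed() {                # $1 = cert file
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when notAfter falls inside the next $2 seconds.
expires_within() {                # $1 = cert file, $2 = seconds
  ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_material "$d" 'constructed-passphrase' || { rm -rf "$d"; return 1; }
  cert_reads_without_password "$d/cert.pem" && echo "cert: no password needed"
  key_opens_with "$d/key.pem" 'wrong-guess' || echo "key: wrong passphrase rejected"
  key_opens_with "$d/key.pem" 'constructed-passphrase' && echo "key: opened"
  is_self_signed "$d/cert.pem" && echo "cert: self-signed"
  expires_within "$d/cert.pem" $((45*86400)) && echo "cert: expires within 45 days"
  rm -rf "$d"
}
demo
```

The name-hash comparison only shows that subject and issuer match; it does not verify the signature.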