cmrho
Feb 26, 2025 Aspirant
Orbi 860 port forwarding - reverse proxy setup - routerlogin.net ssl error
Hi All. I'm switching from a google nest mesh system to the 860. While I expected some issues, I am having an issue that might be a hard pass on the 860 if I can't resolve it. SSL certs seem to b...
cmrho
Feb 26, 2025 Aspirant
Thanks for your help. FW: V7.2.6.31_5.0.24, ISP is Spectrum, all protection is off.
Interestingly, previous SSL certs go through with no issues. But LetsEncrypt can't verify new cert requests when this new Orbi 960 is being used.
I've read about that internal cert. It sounds ridiculous, actually.
Changing DNS providers (like switching to my pi-hole servers) often requires resetting the port forwarding to remove that internal SSL error.
I'm wondering though, really, whether this system is best for anyone doing more advanced web services or hosting? The internal cert issue will never completely go away, I'm guessing.
FURRYe38
Feb 26, 2025 Guru
Probably not.
I see the cert error then just ignore it in my browsers. I'm the only one managing the router for my home.
Can try newer FW that released last week.
These systems are meant for general home usage, gaming and streaming and such. May not be best for web hosting and services for a business.
- cmrho Feb 26, 2025 Aspirant
Thanks, yeah...I concluded the same thing after reading all of the issues with that cert. Incredible to me that such a high dollar product has this basic of an issue.
I'm going to use these in AP mode and opnsense for routing. It adds complexity but also I can define precisely how traffic is routed, albeit with significantly more work.
It's working fine so far. But I am still hesitant on keeping this system.
Thanks for your input!
- FURRYe38 Feb 26, 2025 Guru
Good Luck.
- CrimpOn Feb 26, 2025 Guru
cmrho wrote:
Incredible to me that such a high dollar product has this basic of an issue.
My impression is that Netgear is "boxed in a corner". Many years ago, Netgear registered a number of internet domains with an SSL certificate authority, including routerlogin.com, routerlogin.net, orbilogin.com, and orbilogin.net. Netgear set up a process to intercept DNS queries for those special URLs and return the IP address of the router itself. With these domains "officially certified", web browsers were happy to connect to the https version of the web interface.
Never mind that the SSL authority was certifying, "This web connection is safe because we know that this web server belongs to Netgear, headquartered in San Jose, California." Really? When those SSL certificates expired, Netgear could not renew them. Poof. Gone. Their response was to include a self-signed certificate in the router firmware.
A couple of years ago, web browsers started getting really picky about accessing web sites:
- If the user attempted http access (unencrypted), then the browser would scream, "Warning. Unsafe. Unsafe." Never mind that (a) the user is connected locally to the router, and (b) that makes it nearly impossible for anyone to intercept the communication between web browser and web server.
- Also, when the user attempts https access (encrypted), browsers now scream, "Warning. Self-signed Certificate. Unsafe." Never mind that this communication is not only (a) local, (b) almost impossible to intercept, but also (c) encrypted.
I see this as a consequence of web browsers being so damn concerned about protecting users.
- cmrho Feb 27, 2025 Aspirant
Thanks for the info! Seems so, so weird to me...