NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ERR_SSL_KEY_USAGE_INCOMPATIBLE NETGEAR Nighthawk(R) X4S R7800
Hello,
I can't connect to the GUI of my NETGEAR Nighthawk(R) X4S R7800 via several browsers like Opera, Ecosia etc. and get the Error: ERR_SSL_KEY_USAGE_INCOMPATIBLE
(Firefox works so far)
There are patches for several other devices regarding that issue as I read in this community.
Is there one as well for "NETGEAR Nighthawk(R) X4S R7800"?
I just installed the latest firmware now being V1.0.3.92
Thanks and kind regards
9 Replies
UPDATE:
I figured out that the latest Firmware right now is V1.0.4.96 but the GUI couldn't download and install it for unknown reason. So I downloaded it manually to install it via GUI.
How ever the issue with the "ERR_SSL_KEY_USAGE_INCOMPATIBLE" still exists.
Please if anyone has an idea for a fix!?How ever the issue with the "ERR_SSL_KEY_USAGE_INCOMPATIBLE" still exists.
I am a bit confused, since the R7800 manual says the admin interface uses HTTP, not HTTPS. HTTP doesn't use SSL.
I am seeing the VPN icon in your screenshot. Does this issue only happen when you are connecting remotely through the VPN? Or does it also happen locally with no VPN?
Might give Voxels FW a try.
The R7800 is EoL so won't be seeing anymore FW updates most likely.
Support and End of Service FAQ | NETGEAR Communities
Many Netgear routers support both http and https versions of the web management interface. Many modern versions of web browsers have a setting to automatically convert web addresses into https, which can cause this problem. Sometimes deliberately typing "http://" into the address bar will force the browser to use http.
Many Netgear routers support both http and https versions of the web management interface.
Yeah, I know. But I checked the manual before I made that reply.
The manual doesn't say anything about https, and the remote management section specifically says http.
Normal web browser access uses the standard HTTP service port 80. For greater security, enter a
custom port number for the remote web management interface. Choose a number from 1024 to 65535,
but do not use the number of any common service port.The default is 8080, which is a common alternate
for HTTPUsing http for remote management is IMO a bad idea. But the "solution" here might well be to use the VPN and put http:// in the address bar of these browsers.
Or of course try voxel.
The manual written in 2017 may no longer be entirely accurate. The RBR50 that I purchased in 2016 also had a Remote Management feature very similar to what this R7800 manual describes (although it was https if my memory is correct). When the Orbi 'app' was released, Netgear removed the Remote Management feature. When the Nighthawk 'app' was released to replace Genie, perhaps the same thing happened to this product. Only someone with access to an R7800 can verify what the current firmware does.
My sense is that the OP was not talking about Remote Management.
I still think that the issue is caused by how modern web browsers are almost paranoid in protecting users:
- If they access an http web site, the browser screams, "UNSAFE" because http is not encrypted. There is usually an option (sometimes called "Advanced") to ignore the warning.
- If they access an https web site with a self-signed SSL certificate, the browser screams "UNSAFE" because no certificate authority has vouched for the SSL certificate. Once again, there is usually a way to ignore the warning. YEARS ago, Netgear actually registered SSL certificates for a number of URLs, including routerlogin.com, routerlogin.net, orbilogin.com, orbilogin.net, but when the SSL certificate expired, it was not renewed. (which makes sense because those URLs do not resolve to any device owned and operated by Netgear.)
I have not run Voxel in years. (I LOVE what he has done, but it would be hard to comment on the forum when running third party firmware.) My sense is that web browsers would treat Voxel's web interface the same as they do Netgear's.
- If they access an http web site, the browser screams, "UNSAFE" because http is not encrypted. There is usually an option (sometimes called "Advanced") to ignore the warning.
- If they access an https web site with a self-signed SSL certificate, the browser screams "UNSAFE" because no certificate authority has vouched for the SSL certificate.
Anyone with a ReadyNAS is well acquainted with self-signed cert issues.
- On (1) Chrome, Edge, and Firefox all will connect via http with no screaming if you have http:// in the URL. Just a triangle with "not secure" in front of the URL. Easy to test, just access http://beautifulclearfreshverse.neverssl.com/online/
- On (2), you will get the warning screen with that "advanced" control because there is no CA. Which makes sense for over-the-internet connections, since the warning screen makes man-in-the-middle attacks more difficult.
- There is also the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error that is shown when the web server doesn't support TLS 1.2. That affects ReadyNAS systems running 4.x and 5.x firmware, and there is no way to click through that error.
But OP's error message is different. Googling suggests it occurs when the cert was created without a key usage extension - but there might be other causes. Googling also suggests fixing it by recreating the cert, but AFAIK there is no way to do that with the R7800. There is a workaround for Opera here: https://forums.opera.com/topic/70060/err_ssl_key_usage_incompatible-error-in-opera-browser
But the question remains as to exactly why OP's browsers were using https in the first place. Which is where I was headed in my first response.
Pulled out my R7800 and can still access it's web page from Windows 11 PC using MS Edge on last version of FW released:
