pyrmont
Guide
Feb 22, 2018
Solved

MD5-Signed Certificate Warning with OpenVPN on iOS

As of version 1.2.8 of the OpenVPN app on iOS, OpenVPN issues the following warning:

> WARN TLS: received certificate signed with MD5.
> Please inform your admin to upgrade to a
> stronger algorithm. Support for MD5 will be
> dropped at end of Apr 2018

The warning appears as a modal dialog that interrupts use of the device. If the device is unlocked after a short period of time with the VPN connected, there will typically be multiple modal dialogs. This is an extremely frustrating experience.

There appears to be no way to disable this warning and nothing router owners can do. A similar issue arose earlier for Android users (https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Netgear-R7000-and-OpenVPN-for-Android-App/m-p/1310857). It is still unresolved at the time of writing.

Netgear needs to issue a firmware update that changes the certificate used for OpenVPN.
  • FYI, I documented the steps required to replace the certificates here. Unfortunately the steps are written for users of Windows, but it also uses mostly cross-platform open-source tools and explains what's going on, so I think it should be pretty translatable if you don't have access to any Windows boxes.

    Just posting this so you have at least one go-forward path.

     

108 Replies

  • I have the same issue. MD5 warning when connecting to the VPN on an iOS device.

    Netgear, are you looking at this issue? It won't work anymore from 30th of April 2018.

    • JamesGL
      Master

      Hi All,

       

      Resolution will be released prior to the deadline.

      • Repiuk
        Tutor

        Any news on this update? It's April 1st and I need VPN up and running 

         

    • schumaku
      Guru - Experienced User

      axelsegers wrote:

      I have the same issue. MD5 warning when connecting to the VPN on an iOS device.


      Current firmware version on your R8900 / Nighthawk X10?

       

      axelsegers wrote:

      Netgear, are you looking at this issue? It won't work anymore from 30th of April 2018.

      A Netgear moderator has already answered a few replies before -> JamesGL in post #6.

       

      • martijn76
        Aspirant

        Hasn't this been solved by the latest 1.0.2.46 firmware? Haven't installed it yet, but the changelog does say:

        New Features and Enhancements:
        Supports the VPN client feature.

        And this would suggest a fix in the VPN department. Don't want to install unless this is the case though, all is running well at the moment (at least until end of April haha).

  • Does anyone know if Netgear is issuing a fix for this before the April 2018 EOL deadline or do I need to manually upgrade my certificate?

    • Diggie3
      Luminary
      They have claimed that they will elsewhere in the forums. Based on their ability to deliver fixes for other critical product issues, I would be skeptical.
      • whataboutbob
        Aspirant

        Fingers crossed but if they don't deliver close to the deadline, I'll install the certificate. Hopefully it doesn't get to that. Thanks for your writeup, I might have to go your route with some slight tweaks for Mac but it should be similar.

  • OpenVPN 1.2.9 has changed the message to only appear once per session which makes this slightly less frustrating.

    Nevertheless, it continues to defy explanation why Netgear is taking so long to fix this.
    • golf06222
      Aspirant

      This update resolved my issues with multiple prompts per session.

      I'm not extremely savvy on certificates so was hoping someone could help. Is there another option other than MD5 certificate that Netgear offers or are we all waiting for Netgear to come up with something before the end of April?

       

      Thanks!

       

      -Cameron

      • pyrmont
        Guide
        No, there's nothing users can do to change the system's certificate. You can install an alternative firmware but that comes with its own negatives.

        This honestly doesn't seem like a particularly difficult change. Netgear needs to change the settings in the OpenVPN files they generate and seed a new certificate to devices.

        They say to never attribute to malice what can be explained by incompetence but either way, it's an experience which has me questioning whether I'd buy a Netgear product again.