pyrmont
Feb 22, 2018 Guide
MD5-Signed Certificate Warning with OpenVPN on iOS
As of version 1.2.8 of the OpenVPN app on iOS, OpenVPN issues the following warning:
> WARN TLS: received certificate signed with MD5.
> Please inform your admin to upgrade to a
> stronger algori...
- Mar 01, 2018
FYI, I documented the steps required to replace the certificates here. Unfortunately the steps are written for users of Windows, but it also uses mostly cross-platform open-source tools and explains what's going on, so I think it should be pretty translatable if you don't have access to any Windows boxes.
Just posting this so you have at least one go-forward path.
schumaku
Apr 03, 2018 Guru - Experienced User
martijn76 wrote:
> Hasn't this been solved by the latest 1.0.2.46 firmware? Haven't installed it yet, but the changelog does say:
> New Features and Enhancements: Supports the VPN client feature.
> And this would suggest a fix in the VPN department.
This "VPN Client" is a new feature for your router model: it allows initialising a VPN connection from the router, i.e. to your office or to a hide-my-a** VPN server.
Diggie3
Apr 03, 2018 Luminary
It's probably best for end users if the generation is supported on the device directly, but could be accelerated by genie if it was available. It's the dh-param that is slow and in fact worst case they could keep the one the unit shipped with, even though it's too short IMO, and at least regenerate certificates that didn't have md5 digests. This would be a fairly fast operation.
However, if I was in the web interface and it said, "Are you sure you want to continue? Generating new certificates and parameters could take up to an hour and router performance may be slower during that time", I would be fine with it. Who wouldn't rather do that than pull out a laptop and do it all manually? Just run it before bed.
- spopiela Apr 03, 2018 Guide
I'm not a VPN expert. I've always updated software to make sure that I get the latest features and security protection in my software apps. OpenVPN software has been updated for both servers and clients since I installed it on the iOS and Windows clients. I'm currently using at least a year old version of OpenVPN client software on my iOS and Windows 10 devices through the R7000 OpenVPN tunnel. I am also getting the MD5 certificate warning on my iOS devices. It would appear to me that an upgrade is needed to the VPN server software hosted by the R7000 and also updates to the apps running in the iOS devices. Am I correct?
- schumaku Apr 03, 2018 Guru - Experienced User
The critical part is the MD5 signed certificate most Nighthawk routers still have in place.
- spopiela Apr 03, 2018 Guide
So there are no version compatibility issues between server and client OpenVPN software except for the unique issue that we have now? The iOS message also mentions “use of a stronger algorithm”?