I have been using my Duo V2 with chrome without any problems for sometime... I followed the examples about importing a certificate and all has been well for years.I have no problem with IE 11 but the latest version of Chrome 42.0.2311.90 m now displays a broken line through the https when I access my Duo on the local network. I have tried importing the certificate but have had no luck. Is anyone else experiencing this.When I click on the crossed padlock it tells me the identity cant be verified and that future versions of chrome will prevent me accessing it.......WTF

Have you tried using other PCs/laptops to isolate the problem?

Can you cut/paste the exact text you are seeing in the browser?

I can't cut and paste it won't let me in chrome.....I updated the browser on another computer too and am getting the same warning only using Chrome not IE 11192.168.1.4 identity not verifiedIt says the identity of the website has been verified by 192.168.1.4 but does not have public audit recordsThe site is using outdated security settings that may prevent future versions of Chrome from being able to safely access itYour connection to 192.168.1.4 is encrypted with obsolete crytographyThe connection uses tls 1.0

5.3.12 beta should fix the outdated security settings warning. You can find that here: viewtopic.php?f=148&t=72267. The public audit record warning might also disappear (not sure). A self-signed cert won't have public audit records.Note that there is also a 4.1.x firmware beta for duo v1 (I mention this because many v1 owners mistakenly think they have a v2).

I'm already using 5.3.11 it's not a beta though....I have a v2 and a v1. I haven't tried the v1 yet. I've just followed your suggested link and now assume that it's 5.3.12 beta. I've always had problems with betas not being stable, any idea when it might be a general release. Thanks for your help StephenB

HTTPS, ReadyNAS Duo V2 and Chrome

13 Replies

Replies have been turned off for this discussion

StephenB
Guru - Experienced User
Apr 21, 2015
Well, there is general agreement that sha1 needs to be deprecated for PKI certficates. However, they aren't used in self-signed or root certificates in the same way.

There are four basic ways it could play out:
-Google changes the behavior of Chrome with self-signed certs
-Netgear decides to generate self-signed certs with sha256
-you uninstall the cert, and revert to the warning I am seeing.
-People stop using Chrome with the NAS (using IE or Firefox instead).
brinzlee
Aspirant
Apr 28, 2015
If its an outdated certificate....surely it would be in Netgears interest to stop the units being hacked
Does this problem still exist with the new breed of NAS with iOS 6.
Is it a case of going on bended knee and asking Netgear to consider upgrading to sha256
StephenB
Guru - Experienced User
Apr 28, 2015
To be very clear -
(a) The SHA256 change is certainly needed for PKI certs. Those certificates are verified with the certificate authority using the sha signature. SHA1 will not be strong enough for that relatively soon (due to dropping costs of cloud computing).
(b) But self-signed certificates (like all root certificates) aren't verified with the sha signature at all. Instead they are simply installed.

So changing the self-signed cert to SHA256 doesn't improve the security (e.g., make the units "more hackable").

Google is (for unknown reasons) choosing to needlessly apply the sha256 check with a self-signed cert. Going to sha256 in the NAS avoids the error message from Chrome, but that is all it does.

Forum Discussion

HTTPS, ReadyNAS Duo V2 and Chrome

13 Replies

Related Content

Chrome Certificate

Microsoft Edge and now Chrome browsers cannot connect to router via http://

ReadyNAS Duo Connection to Chrome OS

Chrome error NET::ERR_CERT_AUTHORITY_INVALID

ReadyNas Pro4 chrome - frontview not available

NETGEAR Academy

ProSupport for Business