说明：出厂固件版本1.0.1.36可以使用vpn。第一台R9000，升级固件1.0.3.10后，openvpn证书丢失，导致不能使用vpn。官方客服换了一台新机，并告知我1.0.3.10有bug，可以使用1.0.3.6，于是把第二台R9000升级到1.0.3.6，证书没有丢失，但是过期了，过期时间是1902年。降级固件也没用，证书不更新，一直是过期的证书。现在客服没有给出解决方案，也不能给解决，只说向研发报bug。我花了3000元买了一个全世界最牛逼的路由器，现在出问题没人给解决。我一次一次的电话邮件沟通，刷新各版固件，无偿的为你们做测试，现在没有任何一个人能给我一个明确的答复，只跟我说抱歉。

Hi Miadi To the extent I think I understand Chinese your R9000 has a certificate with an expiration date in 1902. No idea what can cause this - seen at least one more similar report some days ago here in the community. The Nighthawk firmware does usually come with a factory (hard coded) certificate, signed by Entrust, that's the one I have in place since 1.0.3.10 - conclude, there is a problem with some, but by far not all R9000 updated: This kind of factory certificate is also the reason why older firmware - which held indeed an expired certificate (but not back as far as 1902) - can't be used anymore. Digging again with the Netgear product engineer. (Edit:)If you have a minute - please download the OpenVPN Windows config from your R9000, unzip, and open (double click) ca.crt and client.crt - post the certificate overview and details.The older certificate set was valid from 25-APR-2014 ... 22-APR-2024, the one I have here on my R9000 is valid from 26-APR-2017 to 21-APR-2037. Curious about yours.(Edit end.) Regards,-KurtPS. Take this as another complaint AbhayB and NaderA - it's ridiculous how unreliable your supposedly leading edge (and expensive!) products are.

是那個證書有問題，ca，server，client，還是所有的

Hello Miadi,感谢您对NETGEAR的支持！关于R9000 VPN证书的问题，研发提供了以下修复版本，请下载更新。若问题未能解决，请及时与我们联系。多谢您的理解和配合！https://share.weiyun.com/56uI7XM

请您看一下我的解决方法，还需要怎样修复，毕竟这个服务器时间还有问题

openvpn 证书问题 | NETGEAR Communities

11 Replies

Miadi
Aspirant
Apr 19, 2018
schumaku
mingle123

更新到1.0.3.6，openvpn的证书日期就会变成 2018年12月1日 - 1902年x月x日，不仅仅是ca.crt/client.crt/client.key，server的证书也如此，cat一下easy-rsa中的所有文件，日期都是如此。。

现在我修改了一下vars，和服务器时间，只生成10年的，截止日期就不会变成1902年了。
具体方法在上面的附件中。
Jessie_Chen
Aspirant
Apr 19, 2018

Hello Miadi,
感谢您对NETGEAR的支持！
关于R9000 VPN证书的问题，研发提供了以下修复版本，请下载更新。若问题未能解决，请及时与我们联系。多谢您的理解和配合！
https://share.weiyun.com/56uI7XM
- Miadi
  Aspirant
  Apr 19, 2018
  你是谁？1.0.3.16固件是官方发出来的吗
  - schumaku
    Guru - Experienced User
    Apr 20, 2018
    This is R9000-V1.0.3.16.img image is identical to the one I have received from Netgear for testing - bit by bit, and same md5 checksum.
    
    Further on it does come with the updated dnsmasq.
- Miadi
  Aspirant
  Apr 19, 2018
  请您看一下我的解决方法，还需要怎样修复，毕竟这个服务器时间还有问题
mingle123
Tutor
Apr 19, 2018
是那個證書有問題，ca，server，client，還是所有的
- schumaku
  Guru - Experienced User
  Apr 19, 2018
  Check all three please.
schumaku
Guru - Experienced User
Apr 19, 2018
Hi Miadi

To the extent I think I understand Chinese your R9000 has a certificate with an expiration date in 1902. No idea what can cause this - seen at least one more similar report some days ago here in the community.

The Nighthawk firmware does usually come with a factory (hard coded) certificate, signed by Entrust, that's the one I have in place since 1.0.3.10 - conclude, there is a problem with some, but by far not all R9000 updated:

This kind of factory certificate is also the reason why older firmware - which held indeed an expired certificate (but not back as far as 1902) - can't be used anymore.

Digging again with the Netgear product engineer.

(Edit:)
If you have a minute - please download the OpenVPN Windows config from your R9000, unzip, and open (double click) ca.crt and client.crt - post the certificate overview and details.

The older certificate set was valid from 25-APR-2014 ... 22-APR-2024, the one I have here on my R9000 is valid from 26-APR-2017 to 21-APR-2037. Curious about yours.
(Edit end.)

Regards,
-Kurt

PS. Take this as another complaint AbhayB and NaderA - it's ridiculous how unreliable your supposedly leading edge (and expensive!) products are.
- Miadi
  Aspirant
  Apr 19, 2018
  不知道为什么，附件中文本内容不能发到论坛，发出来就被删掉了。
  请你们看一下我的解决方法，帮我完善一下，服务器的时间还是有问题的

Forum Discussion

openvpn 证书问题