Self-Signed Certificate option for 8-Port Gigabit Ethernet PoE+ Plus Switch (GS308EP)

There is barley room for adding a fully https capable server on these tiny switches uC - this is what allowed Netgear to implement a plain simple http server. Starting from GS308EP/GS308EPP firmware v2.0.0.10 (this or a slightly higher version will become available "soon", it's already out for the GS305EP/GS305EPP) . They have managed (almost magically) adding a management VLAN option at least.

 

There is much, much more required before a modern Web browser can and will consider a connection to be secure: These would be a signed certificate by a public PKI, the ability to check it against a Certificate Revocation List (CRL) or using an OSCP, the Online Certificate Status Protocol, allowing real-time status queries - just to mention a few, 

 

Netgear and knowledgeable users know: Modern Web browsers won't stop complaining about insecure connections, even if there would be a https connection. Using a self-signed certificate won't make the communication reasonably more secure. And the browser makers a perfectly correct in this aspect!

 

Sure, you might want to throw in the idea of using Let's Encrypt or ZeroSSL. These require even more code for automating SSL certificate management, like using  a REST API, supporting certificate issuance, certificate renewal, CSR validation, ...

 

Reality check? You typically connect using a direct network link on a closed network (LAN) or encrypted Wi-Fi. So there is not much to bother...

 

Regards,

-Kurt.

PS. ...not a formal Netgear rep,  just a realist knowing is possible nowadays

PPS. Despite of the designation "PoE+ Gigabit Ethernet Easy Smart Managed Essentials Switch" and the availability of some Web  based configuration options, these are not Managed Switches.