ViperGeek (Apprentice)
Dec 15, 2016
Status:
Engineering Investigation
Enhancement Request: User-supplied SSL certificates for remote management
There is currently no way to install a proper PKI-chained SSL certificate from a third party like Comodo or StartCom SSL. With all current versions of the NETGEAR firmware, when enabling HTTPS access for remote management, my/all browsers get angry because the R7000 is using a self-signed certificate:
I have a free StartCom SSL cert all generated and ready to install. The problem is, there is no supported way to install this certificate, intermediate cert, and private key, with the R7000.
- Dave
47 Comments
- schumaku (Guru - Experienced User)
Exactly, that's why we remove Let's Encrypt CA from the systems again. The processes are not sufficient, and don't compare in any aspect to any other real CA. If you don't understand this part - keep having fun with it, it's ok for home users. It's not good enough for security and trust.
- shamarin (Virtuoso)
This router is for home users (SOHO router) and that's why we need such a feature in it (implement Let's Encrypt CA). A Let's Encrypt cert will be much more usable and secure than the self-signed untrusted cert generated by the R7000.
- schumaku (Guru - Experienced User)
Do you understand what makes a certificate "trusted"?
What makes a browser show an all green or a limited green "trust"?
Let's Encrypt does open too many doors for abuse. The registration and the related processes are not good enough for a trust. "But my browser showed a green blah....".
Do you understand what is required to have major OS and browsers trusting a CA? Up front: A lot of money.
- schumaku (Guru - Experienced User)
The feature request up here is NOT about Let's Encrypt. It's about generic CA support.
I'm fine if you want Let's Encrypt. Use search or file a dedicated feature request if there isn't one for it.
- cmweiss (Aspirant)
I don't care how https is enabled. I don't care if it's with a CA cert or with a self signed cert. I want https period.
- shamarin (Virtuoso)
Did it https://community.netgear.com/t5/Idea-Exchange-For-Home/Implement-Let-s-encrypt-to-Nighthawk-serious/idi-p/1666096#M1906 You can vote for this.
- GearEngineer (Novice)
Valid Certificates are the foundation of security.
- Chance1775 (Novice)
Are these boards even moderated by NetGear? This was originally posted on 2016-12-15 and nothing????
- RNASguy (Luminary)
@tool (Fledgling) on 2018-07-06 08:22 PM wrote:
> really hard to believe that this doesn't have more votes AND it is only in an engineering investigation stage for 9 months. if you are going to offer remote management then don't do it half way, especially when it involves security. the d7000 self signed certs are rejected more and more as FF and Chrome up the security levels with each release - sure I can use IE, but not when I'm on my mobile device trying to give needed access to family at home. Please do TLS properly and have upload of certificate store as feature or remove remote management as it is broken in its current form.

I could not agree more. Also please do NOT bake in Let's Encrypt. It is not a reliable CA. Given the times we are in all remote access is broken without HTTPS and a real CA cert.
And why on earth has this been sitting here since Dec 2016. Really... it takes years of dev to get this??
- schumaku (Guru - Experienced User)
Well, we're in the Home environment here, so these must be considered consumer devices. Let's Encrypt is a nice solution for this market, as most consumers don't have their own domains anyway. The same - lack of a bind to a customer owned certificate - on the other hand is one of the trust-stoppers for that CA. Doing false (say hype) marketing for ACxxxx, AD7200, AX6000 or AX11000 - all numbers most people never see - have priority to keep the market aehm Dollars rolling. With the ability to generate CSRs, to import certificates, there isn't much business to generate. Figure. With this kind of delay politics, the EoL for many of these devices will come long before they change from their late 1990s router specs. Sad but true.