Orbi WiFi 7 RBE973
Reply

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)

woodd
Aspirant

FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)

I have the FVS336G installed to load balance between two internet providers (small office)

The admin page is SSL secured with a self signed NetGear CA certificate - After I add this certificate into my trusted list in Windows the browser complains about it using an obsolete cipher suite. I am concerned at some point these browsers are going to shut down access to this NetGear Firewall

 

I tried installing a self signed root CA cert and signing the FVS336G generated request with it - but it must only be used with VPN as it did not change the certificate used by the admin page.

 

Is there a way to update this admin certificate? 

Or maybe a way to disable SSL - I have no interest in remote managing the FVS336G.

Is there a way to SSH into the firewall and swap out a certificate file or something?

 

...Dale

PS: I have the latest firmware installed.

Message 1 of 12

Accepted Solutions
DaneA
NETGEAR Employee Retired

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi woodd,

 

The FVS336Gv1 does not have a console port whereas both the FVS336Gv2 and FVS336Gv3 does have a console port.  However, there is still no option to update the admin certificate nor swap out the certificate file via a console connection.

 

As per the CLI reference manual, it says on page 6: "You cannot generate and upload a certificate through the CLI..." You may access the CLI reference manual here.  

 

 

Regards,

 

DaneA

Netgear Community Team

View solution in original post

Message 4 of 12

All Replies
DaneA
NETGEAR Employee Retired

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi woodd,

 

I have checked that you have already contacted Netgear Chat Support and you have an FVS336Gv1 which is already End-Of-Life (both FVS336Gv2 and FVS336Gv3 are not yet EOL).

 

I don't think there is way to update the admin certificate nor swap out the certificate file via SSH.

 

Welcome to the community! Smiley Happy

 

 

Regards,

 

DaneA

Netgear Community Team

Message 2 of 12
woodd
Aspirant

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Well then - 

- let me ask the same question about the FVS336GV3 (or V2).

 

Can you change the certificate used for the Admin page on the FVS336GV3?

 

I would like to know that I will not be forced into some perpetual hardware upgrades due to the loss of being able to connect with a browser.

Better yet, if access could optionally be in the clear for LAN connections.

 

 

...Dale

 

Message 3 of 12
DaneA
NETGEAR Employee Retired

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi woodd,

 

The FVS336Gv1 does not have a console port whereas both the FVS336Gv2 and FVS336Gv3 does have a console port.  However, there is still no option to update the admin certificate nor swap out the certificate file via a console connection.

 

As per the CLI reference manual, it says on page 6: "You cannot generate and upload a certificate through the CLI..." You may access the CLI reference manual here.  

 

 

Regards,

 

DaneA

Netgear Community Team

Message 4 of 12
scsailor
Initiate

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi,


I too have run into the problem that trying to connect results in this message:


"An error occurred during a connection to 192.168.2.1. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) .

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."

I do not know how to update the firmware if that is what it takes, nor update the certificate.

Will this be something I can fix?  Or will I need to replace the Firewall?  Your response to the original question seems to be that "It cannot be fixed on the Netgear FVS336G Firewall"?

Please help provide a solution as this is my router to my work and I use it all day, every day.  No network, no job.

(I only have one old laptop that can still connect, Every other device I have gets the same complaint when trying to connect.)

Thanks for any help you can provide.

Mike

Message 5 of 12
DaneA
NETGEAR Employee Retired

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi scsailor,

 

Kindly answer the questions below:

 

a. Have you tried using other browsers like Firefox or Safari?

b. What is the Operating System of your old laptop?

c. What is the current firmware of your FVS336G?

d. Did you make any changes on the settings of the FVS336G?

 

I look forward to your response.  Welcome to the community! Smiley Happy

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 6 of 12
woodd
Aspirant

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi Mike;

 

If you have the V1 variant then I know how you feel.

 

You will have to hang on to older browser versions that are less concerned about the old certificate in the Firewall.

Its too bad you can't disable SSL on the administration screen if you disable remote access. 

 

The embeded SSL security certificate has many years before it actually expires at which point it does not matter how much you like it - you will not have access to the administration of the box.

 

I have been using the unit in a home environment where I too use it to connect to work.

One WAN connection is provided by my employer and the other WAN is our home connection.

I use the Firewall to load balance and to ensure data usage does not go over its limit on my employers connection.

 

In summary - The certificate is what it is and is rapidly loosing favor with the newer browsers. 

Get an older version browser and keep it out of the auto update cycle on your computer. 

 

 

Message 7 of 12
scsailor
Initiate

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)25684383

Hi DaneA,

 

a. Have you tried using other browsers like Firefox or Safari?

 

I am using firefox 41.0.2.  I've tried setting the about:config security.tls.version.min to 0 and also using the SSL Version Control to enable SSLv3 for a one time connection, but they both failed.  (Btw, I also have the same problem with an 802.11 linksys wireless access point.)

 

b. What is the Operating System of your old laptop?

 

I had Ubuntu something.31 on an old netbook, but somehow it got updated when someone else was using it and now it fails with something.40.  I can borrow another Ubuntu 10.04 based laptop that still connects.  My failing laptops are a Windows 7 PRO plus a Surface with Win 10. The Win7Pro system runs OpenSuse under Oracle Virtual Box.

 

c. What is the current firmware of your FVS336G?

 

Gee, If I could connect, I could probably find out. 🙂  Using the borrowed laptop I found "System Info"... Name: FVS336G FW Version: 3.0.5-25.

 

d. Did you make any changes on the settings of the FVS336G?

 

I'm not sure as you change a lot of things to accommodate various support scenarios.  I didn't do anything so advanced that I didn't understand what I was doing (which is limited as I'm a kernel engineer, not a network expert).  I certainly didn't do anything to mess with security or certificates.  I setup things like routing groups directed to either one or the other of the ports as well as running load balancing.

 

 

As I mentioned, I'm more than willing to upgrade the hardware to a newer version if I could get a pointer (other than eBay which is not always that reliable.)  In the bigger scheme, this hardware is a small part of the overall system setup.  I like the dual WAN ports as I have both a standard telcom modem and a cable modem, and the later while faster gets bogged down with traffic esp. starting around 5pm.

And it allows interruptions from either one or the other as they depend on separate power souces for the network infrastructure.

 

Thanks for any help you can provide!  My recreational email address is: sc50sailor at gmail.com if needed.

 

Regards,

Mike

Santa Cruz, CA

 

Message 8 of 12

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)

I have a similar problem; I cannot load the sign in page at all 192.168.1.1 returns with a blank page "This connection for this site is not secure" and "192.168.1.1 uses an unsupported protocol" then "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" Tried every browers I can think of tried turning off cookies cash even three different computers and nothing!

Message 9 of 12
schumaku
Guru

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)

Similar problem, almost 10 years later - considering much more than an updated valid certificate would be required?

Message 10 of 12
ErwinL
NETGEAR Moderator

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)

Hello@josephinelcajon

 

Unfortunately Netgear has ended the life of router FVS336G serval years ago. There are no longer firmware updates for it to support new versions of browsers protocol. When your browser’s TLS and SSL settings don’t align with what the server expects, you’ll see that error. But if you wish to have access to it's user interface there is a way but would require you to change configurations on browser. I found one example that might help is from the link below:

https://www.designbombs.com/how-to-fix-the-ssl_error_no_cypher_overlap-in-firefox/

 

Have a lovely day,
Erwin
Netgear Team

Message 11 of 12
ErwinL
NETGEAR Moderator

Re: FVS336G How do I change the certificate presented from 192.168.1.1 (Default admin)

Hello@josephinelcajon

 

Was your problem resolved? In this case could you give us a feedback on the situation and accept the post as a solution to make it more visible to other users?

 

Thanks in advance! 🙂

 

Have a lovely day,
Erwin
Netgear Team

Message 12 of 12
Top Contributors
Discussion stats
  • 11 replies
  • 10028 views
  • 2 kudos
  • 6 in conversation
Announcements